CVE Tools

openmrs

Enterprise Softwareoss-project

11

Cumulative CVEs

2

Monthly snapshots

#73

Peak rank

Top products

admin ui module3 reference application2 appointment scheduling module2

Latest CVEs

The 15 most recently published vulnerabilities affecting openmrs.

CVE-2026-41258OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange9.1May 15, 2026
CVE-2026-40076OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload8.8May 6, 2026
CVE-2026-40075OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet7.5May 5, 2026
CVE-2025-25929A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a...5.4Mar 11, 2025
CVE-2025-25928A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an at...8.0Mar 11, 2025
CVE-2025-25927A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.6.8Mar 11, 2025
CVE-2025-25925A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName ...4.8Mar 11, 2025
CVE-2020-36636OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting3.5Dec 27, 2022
CVE-2021-4292OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting3.5Dec 27, 2022
CVE-2021-4291OpenMRS Admin UI Module location.gsp cross site scripting3.5Dec 27, 2022
CVE-2020-36635OpenMRS Appointment Scheduling Module AppointmentTypeValidator.java validateFieldName cross site scripting3.5Dec 27, 2022
CVE-2021-4289OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting3.5Dec 27, 2022
CVE-2021-4288OpenMRS openmrs-module-referenceapplication userApp.gsp cross site scripting3.5Dec 27, 2022
CVE-2021-4284OpenMRS HTML Form Entry UI Framework Integration Module cross site scripting3.5Dec 27, 2022
CVE-2022-4727OpenMRS Appointment Scheduling Module Notes AppointmentRequest.java getNotes cross site scripting3.5Dec 24, 2022