Show filters
31 Total Results
Displaying 1-10 of 31
Sort by:
Attacker Value
Unknown

CVE-2022-31496

Disclosure Date: June 09, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-31497

Disclosure Date: June 08, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31495

Disclosure Date: June 07, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31494

Disclosure Date: June 06, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31498

Disclosure Date: June 06, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31492

Disclosure Date: June 06, 2022 (last updated October 07, 2023)
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31493

Disclosure Date: June 06, 2022 (last updated October 07, 2023)
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-29940

Disclosure Date: May 05, 2022 (last updated February 23, 2025)
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-29939

Disclosure Date: May 05, 2022 (last updated February 23, 2025)
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-29938

Disclosure Date: May 05, 2022 (last updated February 23, 2025)
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >