CVE-2023-2949
Cross-site Scripting (XSS) – Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2949
CVE-2023-2948
Cross-site Scripting (XSS) – Generic in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2948
CVE-2023-2947
Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2947
CVE-2023-2946
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2946
CVE-2023-2943
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2943
CVE-2023-2945
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2945
CVE-2023-2944
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2944
CVE-2023-2942
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Source: CVE-2023-2942
CVE-2015-20108
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Source: CVE-2015-20108
CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.
Source: CVE-2023-32695