openmrs/openmrs-module-htmlformentry on GitHub
HTML Form Entry module
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2020-24621 | 8.8 HIGH | 6.5 MEDIUM | |
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. | |||
CVE-2017-12795 | 9.8 CRITICAL | 7.5 HIGH | |
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | |||
CVE-2018-16521 | 9.8 CRITICAL | 7.5 HIGH | |
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. |