openmrs/openmrs-module-htmlformentry

openmrs/openmrs-module-htmlformentry

wiki.openmrs.org

Releases77

Frequency2 months 1 week

Last Release about 2 months ago

Stars44

HTML Form Entry module

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-24621 ↗	Sep 25, 2020Friday, 25 September 2020, 04:23	8.8 HIGH	6.5 MEDIUM
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
CVE-2017-12795 ↗	May 10, 2019Friday, 10 May 2019, 15:29	—	7.5 HIGH
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
CVE-2018-16521 ↗	Sep 5, 2018Wednesday, 5 September 2018, 15:29	—	7.5 HIGH
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.