🔒 OpenMRS O3 Security Dashboard

Continuous Security Testing with CVSS Vulnerability Scoring

Last Updated: 2026-05-25 21:57:43 EST

Total Tests: 48

Passed: 47

Failed: 1

Duration: 10.4m

✅ Authentication · 8 passed / 0 failed · 8 tests

Passed Tests (8 tests)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| Brute Force Attack On Login Page Causes Lockout | Tests whether the system will lock out an attacker after a brute force attack. | PASS | 9.2 | CRITICAL | 12.92s |
| Brute Force Attack On Rest Api Causes Lockout | Tests whether the system will lock out an attacker after a brute force attack. | PASS | 9.2 | CRITICAL | 0.16s |
| Brute Force Password Attack Via Rest Api With Known Admin Username | Tests whether an attacker can log in across the API using a known username and random passwords. | PASS | 10.0 | CRITICAL | 0.10s |
| Brute Force Password Attack With Known Admin Username | Tests whether an attacker can log in to the login page using a known username and random passwords. | PASS | 10.0 | CRITICAL | 15.24s |
| Lockout On Login Page Is Accessible After 5 Minutes | Tests whether an account is accessible after a 5-minute waiting period. | PASS | 9.0 | CRITICAL | 11.43s |
| Lockout On Login Page Is Not Accessible At 4 Minutes And 50 Seconds | Tests whether an account is accessible after a 4-minute-and-50-second waiting period. | PASS | 9.2 | CRITICAL | 13.36s |
| Lockout On Rest Api Is Accessible After 5 Minutes | Tests whether an account is accessible after a 5-minute waiting period. | PASS | 9.0 | CRITICAL | 0.16s |
| Lockout On Rest Api Is Not Accessible At 4 Minutes And 50 Seconds | Tests whether an account is accessible after a 4-minute-and-50-second waiting period. | PASS | 9.2 | CRITICAL | 0.14s |

✅ Cryptographic Failures · Max CVSS trend: Not enough data · 2 passed / 0 failed · 2 tests

Passed Tests (2 tests)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| The Openmrs Application Should Not Use The Default Encryption Key | The current encryption key should not match the default key for the system. | PASS | 10.0 | CRITICAL | 0.02s |
| The Openmrs Application Should Not Use The Default Encryption Vector | The current encryption vector should not match the default vector for the system. | PASS | 10.0 | CRITICAL | 0.02s |

⚠️ Session Management · Highest CVSS: 9.2 CRITICAL · Max CVSS trend: 0.0 · 4 passed / 1 failed · 5 tests

Failed Tests (1 test)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| Cookies Have Secure Attribute | Tests whether cookies have the Secure attribute enabled. | FAIL | 9.2 | CRITICAL | 2.88s |

Passed Tests (4 tests)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| Session Cookie Should Change When Logging Out | After a user logs out of a system, the cookie holding information about the login should expire and a new one should be created. | PASS | 9.2 | CRITICAL | 5.52s |
| Cookies Have Httponly Attribute | Tests whether cookies have the HttpOnly attribute enabled. | PASS | 9.2 | CRITICAL | 2.87s |
| Session Cookie Hijacked | After a user logs out of a system, the cookie holding information about the login is used to try to regain access. | PASS | 9.2 | CRITICAL | 5.59s |
| Cookies Have Samesite Attribute | Tests whether cookies have the SameSite attribute set to Strict or Lax. | PASS | 5.1 | MEDIUM | 2.95s |

✅ SQL Injection · Max CVSS trend: Not enough data · 3 passed / 0 failed · 3 tests

Passed Tests (3 tests)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| Sql Injection On First Name Field Of Edit Patient Page | A parameterized test to try several potential SQL injection strings that target the person_name table of the OpenMRS O3 data model. | PASS | 9.2 | CRITICAL | 21.33s |
| Sql Injection On Middle Name Field Of Edit Patient Page | A parameterized test to try several potential SQL injection strings that target the person_name table of the OpenMRS O3 data model. | PASS | 9.2 | CRITICAL | 13.85s |
| Sql Injection On Family Name Field Of Edit Patient Page | A parameterized test to try several potential SQL injection strings that target the person_name table of the OpenMRS O3 data model. | PASS | 9.2 | CRITICAL | 13.66s |

✅ XSS · 30 passed / 0 failed · 30 tests

Passed Tests (30 tests)

| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
|---|---|---|---|---|---|
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.89s |
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.10s |
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.25s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.93s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.49s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.92s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.54s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.14s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.37s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.61s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.73s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.86s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.42s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.58s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.74s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.01s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.81s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.59s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.18s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.56s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.50s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.82s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.54s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.06s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.59s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.60s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.57s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.73s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 17.30s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.99s |