🔒 OpenMRS O3 Security Dashboard

Continuous Security Testing with CVSS Vulnerability Scoring

Last Updated: 2026-04-02 21:13:49 EST

Total Tests: 37
Passed: 34
Failed: 3
Duration: 14.3m

❌ Authentication
Highest CVSS: 9.2 — CRITICAL
Max CVSS trend: 0.0 —
0 passed / 2 failed · 2 tests
Failed Tests (2 tests)
| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
| --- | --- | --- | --- | --- | --- |
| Brute Force Password Attack Via Rest Api With Known Admin Username | Tests account lockout and cooldown after 7 failed API login attempts with known username "admin". Uses CVSS 4.0 with dynamic scoring based on observed API-layer security mechanisms. Compares defense consistency with frontend brute force test. | FAIL | 9.2 | CRITICAL | 0.67s |
| Brute Force Password Attack With Known Admin Username | Tests account lockout and cooldown after 7 failed login attempts with known username "admin". Uses CVSS 4.0 with dynamic scoring based on observed security mechanisms. | FAIL | 9.2 | CRITICAL | 5.7m |

⚠️ Session Management
Highest CVSS: 9.2 — CRITICAL
Max CVSS trend: 0.0 —
4 passed / 1 failed · 5 tests
Failed Tests (1 test)
| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
| --- | --- | --- | --- | --- | --- |
| Cookies Have Secure Attribute | Test whether cookies have the secure attribute enabled. | FAIL | 9.2 | CRITICAL | 3.29s |
Passed Tests (4 tests)
| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
| --- | --- | --- | --- | --- | --- |
| Session Cookie Should Change When Logging Out | After a user logs out of a system, the cookie holding information about the login should expire and a new one should be created. | PASS | 9.2 | CRITICAL | 5.83s |
| Cookies Have Httponly Attribute | Test whether cookies have the HTTPOnly attribute enabled. | PASS | 9.2 | CRITICAL | 3.43s |
| Session Cookie Hijacked | After a user logs out of a system, the cookie holding information about the login is used to try and regain access. | PASS | 9.2 | CRITICAL | 5.64s |
| Cookies Have Samesite Attribute | Test whether cookies have the SameSite attribute set to Strict or Lax. | PASS | 5.1 | MEDIUM | 3.24s |

✅ Xss
Max CVSS trend: Not enough data
30 passed / 0 failed · 30 tests
Passed Tests (30 tests)
| Test Name | Description | Status | CVSS Score (Baseline) | Severity | Duration |
| --- | --- | --- | --- | --- | --- |
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 23.25s |
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.48s |
| Xss Injection On First Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.26s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.52s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.35s |
| Xss Injection On Middle Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.33s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.20s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.29s |
| Xss Injection On Family Name Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.27s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.17s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.18s |
| Xss Injection On Address 1 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.27s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.14s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.35s |
| Xss Injection On Address 2 Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.39s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.47s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.38s |
| Xss Injection On City Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.50s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.13s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.30s |
| Xss Injection On State Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.39s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.45s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.31s |
| Xss Injection On Country Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.35s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.47s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.57s |
| Xss Injection On Postal Code Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.26s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.48s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.46s |
| Xss Injection On Phone Number Field Of Edit Patient Page, Parameterized | A parameterized test to try several potential XSS injection strings on the field of the edit patient page. | PASS | 4.4 | MEDIUM | 16.24s |