eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
eClinicalWorks Population Health (CCMR) suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.