CVE-2026-32119

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVE-2026-32119

CVE-2026-32119 affects OpenEMR up to version 8.0.0.1 (fixed in 8.0.0.2). The issue is a DOM-based stored XSS in the jQuery SearchHighlight plugin (library/js/SearchHighlight.js) where an authenticated user with encounter form write access can inject arbitrary JavaScript that executes in another c...

CVE-2026-32119

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

PT-2026-26333

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVE-2025-7633

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...

EUVD-2025-84364

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...

CVE-2025-7633

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...

CVE-2025-7633

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...

CVE-2025-7633 Stored XSS

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...

EUVD-2019-7440

Malware in sbrugna...

CVE-2019-16962

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...

CVE-2022-0550

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rkelly' class MetasploitModule 'Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal', 'Description' = %q This module exploits a...

Citrix DAAS Console

Introduction This article is a summary of the top support articles related to Citrix Daas web consoles: Web Studio and Monitor. Top Knowledge Content Director CTX257614 - How to create a detailed custom report from the Cloud Hosted Director Monitor Web Studio CTX477615 - Studio Console Shows...

SQL Injection

pimcore/pimcore is vulnerable to SQL Injection. The vulnerability exists in Sql.php because the custom report filters are not properly optimized which allows an attacker to inject and execute malicious SQL queries...

Input validation

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...

Local File Inclusion

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Local File Inclusion. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class...