CVE-2026-33299

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

CVE-2026-33348

OpenEMR has a stored XSS vulnerability in the Eye Exam form answers for the Notes - my encounters role. Versions prior to 8.0.0.3 allow an authenticated attacker with that role to inject arbitrary JavaScript via form answers, which is executed when other users view the form answers on encounter p...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained a cross-site...

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

EUVD-2026-13160

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

CVE-2026-33299 OpenEMR has Stored XSS in patient encounter Eye Exam form answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained a cross-site...

CVE-2026-25743

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

CVE-2026-25743

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

PT-2026-21980

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A stored cross-site scripting XSS issue exists in the function responsible for displaying form answers. An...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a cross-site...

CVE-2023-26091

The frpformanswers aka Forms Export extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails...

PT-2023-20480 · Unknown · Frp Form Answers

Name of the Vulnerable Software and Affected Versions: frp form answers extension versions prior to 3.1.2 frp form answers extension versions 4.x prior to 4.0.2 Description: The issue allows XSS via saved emails. Recommendations: For frp form answers extension versions prior to 3.1.2, update to...