Lucene search
K

13 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

8.7CVSS4.9AI score0.00208EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/09 10:50 p.m.37 views

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

7.7CVSS0.00208EPSS
Exploits1References1
CVE
CVE
added 2026/06/09 10:50 p.m.22 views

CVE-2026-46518

OpenEMR vulnerability CVE-2026-46518: a stored XSS in the prescription CSS/HTML multi-print feature affects OpenEMR prior to version 8.0.0.1. A patient portal user can inject attacker-controlled HTML into patient_data via PUT /api/patient/:num and trigger JavaScript execution in a clinician’s bro...

8.7CVSS5.5AI score0.00208EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

7.7CVSS5.7AI score0.00191EPSS
Exploits1References1
NVD
NVD
added 2026/02/27 5:16 p.m.16 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS0.0022EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/25 4:12 p.m.16 views

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS5.8AI score0.03411EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/05/23 4:15 p.m.3 views

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS6AI score0.03411EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/05/23 4:15 p.m.19 views

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS0.03411EPSS
Exploits1References1
CVE
CVE
added 2025/05/23 3:35 p.m.62 views

CVE-2025-43860

OpenEMR (before version 7.0.3.4) is affected by a stored XSS in the Additional Addresses section of Patient Demographics. An authenticated user with patient creation/editing privileges can inject JavaScript via (1) Text Box fields (Address, Address Line 2, Postal Code, City) and (2) Drop Down opt...

7.6CVSS6.8AI score0.03411EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/23 3:35 p.m.13 views

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS6AI score0.03411EPSS
Exploits1References1
OSV
OSV
added 2025/05/23 3:35 p.m.6 views

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS6AI score0.03411EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/05/23 3:35 p.m.25 views

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS0.03411EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.5 views

PT-2025-22811 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.4 Description: A stored cross-site scripting XSS issue allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system. This can be done by enterin...

7.6CVSS5.3AI score0.03411EPSS
Exploits1References9
Rows per page
Query Builder