CVE-2025-67491

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVE-2025-67491

OpenEMR vulnerability CVE-2025-67491 affects versions 5.0.0.5–7.0.3.4, with a stored cross-site scripting flaw in the ub04 billing helper. The issue arises when $data is placed in a single-quoted click event handler without proper sanitization, allowing a malicious user to inject JS payloads desp...

CVE-2025-67491

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...