CVE-2025-32967

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860

OpenEMR (before version 7.0.3.4) is affected by a stored XSS in the Additional Addresses section of Patient Demographics. An authenticated user with patient creation/editing privileges can inject JavaScript via (1) Text Box fields (Address, Address Line 2, Postal Code, City) and (2) Drop Down opt...

CVE-2025-32967 OpenEMR doesn't log password administration properly

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...