CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data wa...

TikTok is misusing kids’ data, says privacy watchdog

A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860

OpenEMR (before version 7.0.3.4) is affected by a stored XSS in the Additional Addresses section of Patient Demographics. An authenticated user with patient creation/editing privileges can inject JavaScript via (1) Text Box fields (Address, Address Line 2, Postal Code, City) and (2) Drop Down opt...

PT-2025-22811 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.4 Description: A stored cross-site scripting XSS issue allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system. This can be done by enterin...

massachusetts-demographics.com Cross Site Scripting vulnerability OBB-4042421

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

arizona-demographics.com Cross Site Scripting vulnerability OBB-4040643

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

oklahoma-demographics.com Cross Site Scripting vulnerability OBB-4031130

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The Uniquely American Future of US Authoritarianism

The GOP-fueled far right differs from similar movements around the globe, thanks to the country’s politics, electoral system, and changing demographics...

texas-demographics.com Cross Site Scripting vulnerability OBB-3230102

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kansas-demographics.com Cross Site Scripting vulnerability OBB-3224705

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

florida-demographics.com Cross Site Scripting vulnerability OBB-3224700

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...