CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVE-2025-43860

OpenEMR (before version 7.0.3.4) is affected by a stored XSS in the Additional Addresses section of Patient Demographics. An authenticated user with patient creation/editing privileges can inject JavaScript via (1) Text Box fields (Address, Address Line 2, Postal Code, City) and (2) Drop Down opt...