5 matches found
CVE-2026-32124
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...
CVE-2026-32124
OpenEMR’s dynamic code picker (AJAX) endpoint returns code_text without HTML escaping prior to version 8.0.0.1, allowing stored XSS via a malicious description entered by an admin or a user with code management rights. The vulnerability affects the rendering in front-end components (e.g., DataTab...
EUVD-2026-11395
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...
CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or user...
PT-2026-24845
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator or use...