5 matches found
CVE-2026-25930
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...
CVE-2026-25930 OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...
CVE-2026-25930
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...
PT-2026-21984
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Versions prior to 8.0.0 do not properly verify user authorization when accessing Layout-Based Form LBF printable...
CVE-2021-39416
Multiple Cross Site Scripting XSS vulnerabilities exists in Remote Clinic v2.0 in 1 patients/register-patient.php via the a Contact, b Email, c Weight, d Profession, e refcontact, f address, g gender, h age, and i serial parameters; in 2 patients/edit-patient.php via the a Contact, b Email, c...