37 matches found
CVE-2026-46518
OpenEMR vulnerability CVE-2026-46518: a stored XSS in the prescription CSS/HTML multi-print feature affects OpenEMR prior to version 8.0.0.1. A patient portal user can inject attacker-controlled HTML into patient_data via PUT /api/patient/:num and trigger JavaScript execution in a clinician’s bro...
CVE-2026-3011
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
CVE-2026-35576 ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php
ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the Person Property Management subsystem. This issue persists in versions patched for CVE-2023-38766 and allows an authenticated user to inject arbitrar...
CVE-2026-33303
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...
CVE-2026-32121
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, a stored XSS exists in the prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...
EUVD-2026-13223
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...
CVE-2026-33303
CVE-2026-33303 affects OpenEMR prior to 8.0.0.2. A stored XSS vulnerability exists in the portal credential print view where an unescaped patient portal username (portal_login_username) can be injected by a patient, executing in a clinic staff member’s browser when accessing the "Create Portal Lo...
PT-2026-26345
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portal login username in the portal credential print view. A patient portal user can set their login...
EUVD-2026-11389
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, a stored XSS exists in the prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
CVE-2026-25930
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...
CVE-2023-22728
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorise...
PT-2024-40189 · Silverstripe · Silverstripe Gridfield
Name of the Vulnerable Software and Affected Versions: Silverstripe GridField affected versions not specified Description: A cross-site scripting issue has been found in the print view of GridField. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any field o...
Design/Logic Flaw
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorise...
CVE-2023-22728 Silverstripe Framework has missing permission check of canView in GridFieldPrintButton
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorise...