Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a completely different component (portal/sign/assets/signer_api.js). The two share the same root cause (unsanitized patient names in patient_data), but they have different sinks, different affected components, different trigger actions, and require independent fixes. This vulnerability is fixed in 8.0.0.1.
Published: 2026-03-11
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Stored DOM XSS
Action: Patch Immediately
AI Analysis

Impact

This vulnerability arises from the client-side use of jQuery's .html() method in the portal signer modal of OpenEMR. Patient names are taken from patient_data without sanitization and inserted into the DOM via .html(), which parses the string as markup and so lets an attacker who controls a name inject arbitrary JavaScript. The script executes in the context of the portal and could steal session cookies, deface the interface, or redirect users. The root cause is unsanitized patient names stored in patient_data, consistent with the CWE-79 classification.
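As an added illustration (not OpenEMR's code, and not the contents of signer_api.js): the same untrusted patient name rendered through the `.html()` pattern and through escaping equivalent to `.text()`, plus a rough source check that flags `.html()` calls fed a non-literal argument. The patient record, field names and sample source lines are constructed for the example.

```javascript
// Added example, not OpenEMR's code. Models the sink the advisory describes:
// a patient name from patient_data handed to jQuery .html(). No DOM or jQuery
// is used; the renderers return the markup string the browser would parse.

// Minimal HTML escaping, equivalent in effect to assigning via .text().
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern:  $('#signer-patient').html(patient.fname + ' ' + patient.lname)
// The concatenated name is parsed as markup, so tags stored in patient_data become live DOM.
function renderPatientHeaderVulnerable(patient) {
  return '<span class="patient-name">' + patient.fname + ' ' + patient.lname + '</span>';
}

// Hardened pattern:  $('#signer-patient').text(patient.fname + ' ' + patient.lname)
// or, when a markup string is unavoidable, escape every untrusted field before concatenation.
function renderPatientHeaderSafe(patient) {
  return '<span class="patient-name">' + escapeHtml(patient.fname) + ' ' +
    escapeHtml(patient.lname) + '</span>';
}

// Triage aid for this sink class: report lines where .html() receives anything other
// than a single quoted string literal. Getter calls .html() are ignored. Not a proof.
function findDynamicHtmlSinks(source) {
  const isLiteral = (arg) => /^\s*(['"`])[^'"`]*\1\s*$/.test(arg);
  const hits = [];
  source.split('\n').forEach((line, i) => {
    const m = line.match(/\.html\(\s*([^)]*)\)/);
    if (m && m[1].trim() !== '' && !isLiteral(m[1])) hits.push({ line: i + 1, text: line.trim() });
  });
  return hits;
}

// Constructed sample data: a "name" carrying markup, as a user with edit rights could store,
// and three constructed source lines (field and element names are hypothetical).
const samplePatient = { fname: 'Jane <b>bold</b>', lname: "O'Brien" };
const sampleSource = [
  "$('#signer-title').html('<h4>Sign document</h4>');",             // literal: not flagged
  "var current = $('#signer-status').html();",                      // getter: not flagged
  "$('#signer-patient').html(patient.fname + ' ' + patient.lname);" // dynamic: flagged
].join('\n');
```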

Affected Systems

The flaw exists in all OpenEMR releases prior to version 8.0.0.1. The affected component is the portal signer modal, portal/sign/assets/signer_api.js. The affected product is openemr:openemr on any platform the application runs on.

Risk and Exploitability

The CVSS score of 7.7 reflects a high severity impact, and the EPSS score of less than 1% indicates a low likelihood of widespread exploitation at the moment. However, the vulnerability can be exploited by an attacker who can create or modify a patient name, a capability generally available to users with access to patient records. The attack surface is the client-side DOM: the victim must view the portal signer modal for the stored name to be rendered. The vulnerability is not listed in the CISA KEV catalog, so no in-the-wild exploitation has been confirmed, but exploitation is possible if a malicious script is injected into a patient's record and then viewed.

Generated by OpenCVE AI on March 17, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenEMR to version 8.0.0.1 or newer

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 16:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Open-emr
                                      Open-emr openemr
CPEs                                  cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
Vendors & Products                    Open-emr
                                      Open-emr openemr

Thu, 12 Mar 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 10:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Openemr
                                      Openemr openemr
Vendors & Products                    Openemr
                                      Openemr openemr

Wed, 11 Mar 2026 21:00:00 +0000

Type          Values Removed   Values Added
Description                    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a completely different component (portal/sign/assets/signer_api.js). The two share the same root cause (unsanitized patient names in patient_data), but they have different sinks, different affected components, different trigger actions, and require independent fixes. This vulnerability is fixed in 8.0.0.1.
Title                          OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal
Weaknesses                     CWE-79
References
Metrics                        cvssV3_1
                               {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T14:07:53.525Z

Reserved: 2026-03-10T22:19:36.544Z

Link: CVE-2026-32121

Vulnrichment

Updated: 2026-03-12T14:07:47.912Z

NVD

Status : Analyzed

Published: 2026-03-11T21:16:17.817

Modified: 2026-03-13T15:49:20.827

Link: CVE-2026-32121

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:37:03Z

Weaknesses