CVE-2026-32125

Medium CVSS: 5.4

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or equivalent without escaping. A user who can create or edit Track Anything items can inject script that runs when any user views the corresponding graph. This vulnerability is fixed in 8.0.0.1.

Vendor

Open-emr

Product

Openemr

CWE

CWE-79

Yayın Tarihi

2026-03-11 21:16:18

Güncelleme

2026-03-13 15:47:01

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Openemr MEDIUM Open-emr 2026

Referanslar

https://github.com/openemr/openemr/security/advisories/GHSA-244w-vxhp-7x99

Benzer Kayıtlar

High

CVE-2026-34053

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34055

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio…

High

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access…

Medium

CVE-2026-33933

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in ver…

Medium

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…

Medium

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior…