CVE-2026-46518

HIGH EPSS 10.9%
Published Jun 10, 20263w ago · Modified Jun 17, 20261w ago
8.7 CVSS 3.1
High
Find Similar
Published Jun 10, 2026 3w ago
Last Modified Jun 17, 2026 1w ago

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcss_header(), and portal patients can write attacker-controlled HTML directly into patient_data by calling the PUT api/patient/:num endpoint, which bypasses the intended audit review workflow. Because the XSS fires in the clinician's authenticated session on the main OpenEMR interface, the attacker can access CSRF tokens, session data, and perform actions as the clinician — crossing the patient-to-clinician trust boundary. This issue has been patched in version 8.0.0.1.

CVSS Details

Base Score
8.7
Exploitability
2.3
Impact
5.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
10.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-862 Missing Authorization Authorization

Affected Products 1

VendorProductVersionRange
open-emropenemr* <8.0.0.1

References 1

  • github.com https://github.com/openemr/openemr/security/advisories/GHSA-4gh4-q39r-45wf
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.