CVE-2026-32121

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.1

Description OpenEMR is an electronic health records and medical practice management application. A stored cross-site scripting (XSS) issue exists in the prescription CSS/HTML print view via patient demographics. This involves server-side rendering of patient names using a raw PHP echo and client-side DOM-based rendering via jQuery .html() in a separate component (portal/sign/assets/signer api.js). The root cause is unsanitized patient names in patient data. The issue has different sinks, affected components, and trigger actions, requiring independent fixes.

Recommendations Versions prior to 8.0.0.1 should be updated to version 8.0.0.1 or later.