PT-2026-28153 · Openemr · Openemr

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33933

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions 7.0.2.1 through 8.0.0.2

Description

OpenEMR is an electronic health records and medical practice management application. A reflected cross-site scripting (XSS) issue exists in the custom template editor. An attacker can execute arbitrary JavaScript in an authenticated staff member’s browser session by sending a crafted URL. The attacker does not require an OpenEMR account to exploit this. The vulnerability affects versions prior to 8.0.0.3.

Recommendations

Update to version 8.0.0.3 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-33933
GHSA-9QH7-CFQ4-J7C3

Affected Products

Openemr