Openemr · Openemr · CVE-2025-32794
**Name of the Vulnerable Software and Affected Versions**
OpenEMR versions prior to 7.0.3.4
**Description**
A stored cross-site scripting (XSS) issue allows any authenticated user with patient creation privileges to inject arbitrary JavaScript into the system by entering malicious payloads in the `First Name` and `Last Name` fields during patient registration. Because the name is stored unencoded and later rendered without output escaping, the injected code executes in the browser of anyone who views the patient's encounter under Orders → Procedure Orders.
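The defect described above is a missing output-encoding step, so the contrast is best shown in PHP, the language OpenEMR is written in. The following is an added illustration, not OpenEMR's own code: the patient record, the two render functions, the `esc()` helper and the `looksLikeMarkup()` scan are all constructed here. OpenEMR itself ships `text()`/`attr()` helpers that wrap `htmlspecialchars` for this purpose; `esc()` stands in for them.

```php
<?php
// Added illustration, not OpenEMR code. Shows an unencoded render of a stored
// patient name next to the HTML-escaped form, plus a scan that flags names
// already in the database that contain markup. All names and data below are
// constructed for this example.

declare(strict_types=1);

// Constructed sample record: the first name carries a harmless HTML tag as a
// stand-in for the kind of payload the advisory describes.
$patient = [
    'fname' => 'Alice<b>test</b>',
    'lname' => 'Smith',
];

// Vulnerable pattern: stored text is concatenated straight into HTML, so any
// markup inside the name is interpreted by the viewer's browser.
function renderNameUnsafe(array $p): string
{
    return '<td>' . $p['fname'] . ' ' . $p['lname'] . '</td>';
}

// Hardened pattern: encode on output for the HTML text context. ENT_QUOTES
// covers both quote characters so the same helper is safe inside attributes;
// ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
// (Stand-in for OpenEMR's text()/attr() helpers, not the project's function.)
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderNameSafe(array $p): string
{
    return '<td>' . esc($p['fname']) . ' ' . esc($p['lname']) . '</td>';
}

// Defensive check for data stored before the fix was applied: a person's name
// has no business containing angle brackets, event-handler attributes or a
// javascript: scheme. Rows matching this are candidates for review.
function looksLikeMarkup(string $name): bool
{
    return (bool) preg_match('/[<>]|\bon[a-z]+\s*=|javascript:/i', $name);
}

// The unsafe render hands the tag to the browser; the safe render turns the
// angle brackets into entities so the browser displays the literal characters.
echo renderNameUnsafe($patient), PHP_EOL;
echo renderNameSafe($patient), PHP_EOL;

foreach (['fname', 'lname'] as $col) {
    printf("%-6s %-20s markup? %s\n",
        $col, $patient[$col], looksLikeMarkup($patient[$col]) ? 'yes' : 'no');
}
```

The scan regex is deliberately conservative (it will not catch every encoding trick) and is meant as a triage aid for records created before the upgrade, not as a replacement for output encoding at every point where the name is rendered.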
**Recommendations**
For versions prior to 7.0.3.4, update to version 7.0.3.4 to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the patient registration module, since only users who can create patients can store the payload. Avoid using the `First Name` and `Last Name` fields in the patient registration process until the issue is resolved.