PT-2026-21821 · Openemr · Openemr
Published 2026-02-25 · Updated 2026-03-02 · CVE-2025-69231
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OpenEMR versions prior to 8.0.0
Description
OpenEMR is an electronic health records and medical practice management application. A stored cross-site scripting issue exists in the GAD-7 anxiety assessment form. Authenticated users with clinician privileges can inject malicious JavaScript that executes when other users view the form. This can lead to session hijacking, account takeover, and privilege escalation from clinician to administrator. The GAD-7 anxiety assessment form is a feature used by clinicians to evaluate patient anxiety levels.
Recommendations
Update to OpenEMR version 8.0.0 to fix the stored cross-site scripting issue in the GAD-7 anxiety assessment form.
Affected Products
Openemr