PT-2026-21980 · Openemr · Openemr

Lassiiiiii · Published 2026-02-25 · Updated 2026-02-27 · CVE-2026-25743

CVSS v4.0: 7.2 (High)

Vector: AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 8.0.0

Description

OpenEMR is an electronic health records and medical practice management application. A stored cross-site scripting (XSS) issue exists in the function that displays form answers. An authenticated attacker with the "Forms administration" role can inject arbitrary JavaScript by supplying malicious input in form answers. The injected code executes when other users with the same role view the form answers in patient encounter pages or visit history.

Recommendations

Update to version 8.0.0 or later.

Exploit

Fix

XSS

Related Identifiers

CVE-2026-25743
GHSA-3XX2-QF6G-6P28

Affected Products

Openemr