PT-2026-28142 · Openemr · Openemr

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33912

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenEMR versions prior to 8.0.0.3

Description

OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could create a malicious form. When submitted by a victim, this form executes arbitrary JavaScript in the victim’s browser session. The attacker crafts the malicious form and relies on a victim to submit it.

Recommendations

Update to version 8.0.0.3 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-33912
GHSA-CPPH-949W-W79V

Affected Products

Openemr