XSS in OpenEMR
CVE-2026-33299
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in patient encounters. The answers to the fo…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (46.3th percentile)
Affected products
- OpenEMR — versions < 8.0.0.2
Weakness classification (CWE)
References
- https://github.com/openemr/openemr/security/advisories/GHSA-pgvq-f22q-2whp (x_refsource_CONFIRM)
- https://github.com/openemr/openemr/commit/dccc962f06bdf6105ca85c277915167caf3e7c28 (x_refsource_MISC)