CVE-2026-32119 - Vulnerability Analysis
Medium | CVSS: 4.4 | Last Updated: March 20, 2026
OpenEMR - Stored XSS
Published: March 19, 2026 | Updated: March 20, 2026 | PoC Available | Remote Exploitable
Overview
OpenEMR < 8.0.0.2 contains a DOM-based stored XSS caused by improper handling in the jQuery SearchHighlight plugin. It lets authenticated users with encounter form write access execute arbitrary JavaScript in other clinicians' browsers. Exploitation requires write access to encounter forms.
Severity & Score
Severity: Medium
CVSS Score: 4.4
Impact
Authenticated users can execute arbitrary JavaScript in other clinicians' browsers, potentially leading to session hijacking or data theft.
Mitigation
Update to version 8.0.0.2 or later.
Details
- CVE ID: CVE-2026-32119
- Severity: Medium
- CVSS Score: 4.4
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N