CVE-2026-32121 - Vulnerability Analysis
High | CVSS: 7.7 | Last Updated: March 13, 2026
OpenEMR - Stored XSS
Overview
OpenEMR < 8.0.0.1 contains a stored XSS caused by unsanitized patient names from patient_data being rendered via jQuery .html() in portal/sign/assets/signer_api.js. This lets attackers execute scripts in client browsers. Exploitation requires victim interaction.
Impact
Attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of the user.
Mitigation
Update to version 8.0.0.1 or later.
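The rendering flaw described in the overview, shown as an added example (not code from OpenEMR or from this advisory): stored name fields concatenated into markup destined for jQuery .html(), next to the escaped form. The function names, the fname/lname field names and the sample record are assumptions made for illustration.

```javascript
// Added illustration; function names and the sample record are constructed,
// not taken from OpenEMR's signer_api.js.

// Characters that can change HTML parsing context in element content or
// quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields concatenated into markup that a caller
// would then hand to jQuery .html(), so the browser parses them as HTML.
function signerMarkupUnsafe(patient) {
  return '<span class="signer">' + patient.fname + ' ' + patient.lname + '</span>';
}

// Hardened pattern: every stored field is escaped before it reaches markup.
// With jQuery available, setting the name through .text() instead of .html()
// achieves the same result without string-built HTML.
function signerMarkupSafe(patient) {
  return '<span class="signer">' + escapeHtml(patient.fname) + ' ' +
         escapeHtml(patient.lname) + '</span>';
}

// Counts element start tags in a markup string; the template alone has one,
// so any higher count means stored data was parsed as markup.
function countStartTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed patient_data row: the first name carries markup with an event handler.
const storedPatient = { fname: '<img src=x onerror="alert(1)">', lname: "O'Brien" };

console.log(countStartTags(signerMarkupUnsafe(storedPatient)), signerMarkupUnsafe(storedPatient));
console.log(countStartTags(signerMarkupSafe(storedPatient)), signerMarkupSafe(storedPatient));
```

The start-tag count works as a quick regression check for any template that mixes stored fields into markup: it should equal the number of tags the template itself defines.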
Social Media Activity (2 posts)
CVE-2026-32121 - High (7.7) OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of pat... https://www.thehackerwire.com/vulnerability/CVE-2026-32121/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-32121
- Severity: High
- CVSS Score: 7.7
- Type: stored_xss
- Status: confirmed
- EPSS: 3.2%
- Social Posts: 2
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N