CVE-2026-33303

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user can set their login username to an XSS payload, which then executes in a clinic staff member's browser when they open the "Create Portal Login" page for that patient. This crosses from the patient session context into the staff/admin session context. Version 8.0.0.2 fixes the issue.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/openemr/openemr/commit/c32139b5144b1c704015221520ad2f931e25f10d	Patch
https://github.com/openemr/openemr/security/advisories/GHSA-cp37-pmfx-5mhm	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-19 21:17

Updated : 2026-03-20 15:07

NVD link : CVE-2026-33303

Mitre link : CVE-2026-33303

CVE.ORG link : CVE-2026-33303

JSON object : View

Products Affected

open-emr

openemr

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-33303", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2026-03-19T21:17:11.540", "references": [{"url": "https://github.com/openemr/openemr/commit/c32139b5144b1c704015221520ad2f931e25f10d", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openemr/openemr/security/advisories/GHSA-cp37-pmfx-5mhm", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user can set their login username to an XSS payload, which then executes in a clinic staff member's browser when they open the \"Create Portal Login\" page for that patient. This crosses from the patient session context into the staff/admin session context. Version 8.0.0.2 fixes the issue."}, {"lang": "es", "value": "OpenEMR es una aplicaci\u00f3n de gesti\u00f3n de registros de salud electr\u00f3nicos y pr\u00e1ctica m\u00e9dica de c\u00f3digo abierto y gratuita. Las versiones anteriores a la 8.0.0.2 son vulnerables a cross-site scripting (XSS) almacenado a trav\u00e9s de 'portal_login_username' sin escapar en la vista de impresi\u00f3n de credenciales del portal. Un usuario del portal de pacientes puede establecer su nombre de usuario de inicio de sesi\u00f3n a una carga \u00fatil de XSS, que luego se ejecuta en el navegador de un miembro del personal de la cl\u00ednica cuando abren la p\u00e1gina 'Crear inicio de sesi\u00f3n del portal' para ese paciente. Esto cruza del contexto de la sesi\u00f3n del paciente al contexto de la sesi\u00f3n del personal/administrador. La versi\u00f3n 8.0.0.2 corrige el problema."}], "lastModified": "2026-03-20T15:07:01.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C78F19AD-BD18-4F61-8B1C-DD099DBC6D34", "versionEndExcluding": "8.0.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}