Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-25743 is a stored cross-site scripting (XSS) vulnerability in OpenEMR versions up to 7.0.4. It affects the handling of questionnaire ("forms") answers within patient encounters, specifically for users with the "Forms administration" role.'}, {'type': 'paragraph', 'content': 'An authenticated attacker with this role can insert arbitrary JavaScript code into the system by entering malicious payloads into form answers. This malicious code is stored and later executed automatically whenever any user with the same role views the form answers on patient encounter pages or visit history.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because user-supplied input is embedded directly into HTML output without proper sanitization, allowing the injection and execution of harmful scripts.'}, {'type': 'paragraph', 'content': 'This issue was fixed in OpenEMR version 8.0.0.'}] [2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows any authenticated user with the "Forms administration" role to execute arbitrary JavaScript code within the OpenEMR system.'}, {'type': 'list_item', 'content': 'Execution of malicious scripts can lead to session hijacking.'}, {'type': 'list_item', 'content': 'Attackers may perform unauthorized actions within the application.'}, {'type': 'list_item', 'content': 'Sensitive medical data and user credentials could be exfiltrated.'}, {'type': 'paragraph', 'content': 'Because the malicious code executes automatically when viewing patient encounter data, it undermines the integrity and security of the medical records system.'}] [2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by verifying if your OpenEMR installation is running a version prior to 8.0.0 and if users with the "Forms administration" role can input and save questionnaire form answers containing malicious JavaScript payloads.'}, {'type': 'paragraph', 'content': 'A practical detection method involves attempting to reproduce the exploit in a controlled environment by logging in as a user with the "Forms administration" role, opening a questionnaire form, and entering a test XSS payload such as <img src=x onerror=alert(document.domain)> into a form answer field. If the payload executes upon viewing the encounter or visit history pages, the system is vulnerable.'}, {'type': 'paragraph', 'content': 'There are no specific network commands or automated scanning commands provided in the available resources. However, manual inspection of the application behavior and version checking can help detect the vulnerability.'}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate and recommended mitigation step is to upgrade OpenEMR to version 8.0.0 or later, where this stored cross-site scripting vulnerability has been fixed.'}, {'type': 'paragraph', 'content': 'Until the upgrade can be performed, restrict or review the assignment of the "Forms administration" role to trusted users only, as the vulnerability requires this role for exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, avoid entering untrusted or suspicious input into questionnaire form answers and monitor user activities related to form submissions.'}] [2]

Useful 0 Not Useful 0