CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

May 23, 2025

CVE ID : CVE-2025-32794

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient’s encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32967 – OpenEMR Password Change Event Logging Bypass Vulnerability

Next Article CVE-2025-24917 – Tenable Network Monitor Local Privilege Escalation Vulnerability

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

ZeniMax QA testers face whiplash and “rancid” work morale following Microsoft’s gaming layoffs — but the union still fights

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

Microsoft’s AI CEO says Google nearly launched “ChatGPT” before OpenAI — but brutal skeptics, fears of disrupting search, and safety concerns thwarted the plan

You’ve got to try these 5 premium Minecraft add-ons — Dinosaurs, security systems, and more really shake up Bedrock Edition

This Microsoft pay scale reveals AI pros are making bank — with compensation packages reaching up to $336,000/year

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

ZeroBrane Studio – lightweight Lua-based IDE for Lua

CVE-2025-34076 – Microweber CMS Local File Inclusion Vulnerability

Best PC Games You Can Play Under 100 MB

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

bookmarkmenu offers bookmark storage using the menu back end

CVE-2025-46154 – Foxcms SQL Time Injection Vulnerability

CVE-2025-32973 – XWiki Privilege Escalation Vulnerability

Gaming on a dual-screen laptop? I tried it with Lenovo’s new Yoga Book 9i for 2025 — Here’s what happened

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

Related Posts