CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

May 23, 2025

CVE ID : CVE-2025-32794

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient’s encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32967 – OpenEMR Password Change Event Logging Bypass Vulnerability

Next Article CVE-2025-24917 – Tenable Network Monitor Local Privilege Escalation Vulnerability

Highlights

CVE-2025-37819 – “Linux Kernel GICv2m Use After Free Vulnerability in irqchip”

May 8, 2025

CVE ID : CVE-2025-37819

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()

With ACPI in place, gicv2m_get_fwnode() is registered with the pci
subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime
during a PCI host bridge probe. But, the call back is wrongly marked as
__init, causing it to be freed, while being registered with the PCI
subsystem and could trigger:

Unable to handle kernel paging request at virtual address ffff8000816c0400
gicv2m_get_fwnode+0x0/0x58 (P)
pci_set_bus_msi_domain+0x74/0x88
pci_register_host_bridge+0x194/0x548

This is easily reproducible on a Juno board with ACPI boot.

Retain the function for later use.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Don’t make this costly thermostat mistake – and the best place to put it

68% of tech vendor customer support to be handled by AI by 2028, says Cisco report

These $130 Anker earbuds have no business sounding this good for the price

Pocket is shutting down – here’s how to retrieve what little data you still can

Last Call: Early Access for NativePHP Ends This Week

Last Call: Early Access for NativePHP Ends This Week

Setup Social Auth Redirects with Laravel Herd

Community News: Latest PECL Releases (05.27.2025)

Microsoft wants to make GamePad gaming faster on Chrome for Windows 11

Microsoft wants to make GamePad gaming faster on Chrome for Windows 11

Windows 11 KB5058502 restores Win + C, direct download links for version 23H2

Leak hints at Windows 11’s new feature that optimizes performance, tied to Copilot branding (?)

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2022-24067 – Apache Struts Deserialization Vulnerability

CVE-2025-47268 – iputils Ping Denial of Service (DoS) Vulnerability

The Mistakes of CSS

Celebrating the Visionary Genius of Digital Marketing: Srinidhi Ranganathan and His Musical Masterpiece “I Cannot Live Without YouTube”

How to resolve “Error: TypeScript compilation failed.” issue in Gitlab CI?

CVE-2025-37819 – “Linux Kernel GICv2m Use After Free Vulnerability in irqchip”

With version 136.0.3193.0, Microsoft Edge introduces a new close button

Deblinux e il Nuovo Kernel Linux 6.13: Un Lavoro Orientato al Futuro

AI Assistant Demo & Tips for Enterprise Projects

CVE-2025-32794 – OpenEMR Cross-Site Scripting (XSS) Vulnerability

Related Posts