CVE-2026-46518

Source
https://cve.org/CVERecord?id=CVE-2026-46518
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46518.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46518
Aliases
  • GHSA-4gh4-q39r-45wf
Published
2026-06-09T22:50:49.425Z
Modified
2026-07-08T08:13:39.536809954Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics
Details

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcssheader(), and portal patients can write attacker-controlled HTML directly into patientdata by calling the PUT api/patient/:num endpoint, which bypasses the intended audit review workflow. Because the XSS fires in the clinician's authenticated session on the main OpenEMR interface, the attacker can access CSRF tokens, session data, and perform actions as the clinician — crossing the patient-to-clinician trust boundary. This issue has been patched in version 8.0.0.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46518.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79",
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/openemr/openemr

Affected ranges

Type
GIT
Repo
https://github.com/openemr/openemr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.0.0.1"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

Other
v2_7_2
v2_7_2-rc1
v2_7_2-rc2
v2_7_3-rc1
v2_8_0
v2_8_1
v2_8_2
v2_8_3
v2_9_0
v3_0_0
v3_0_1
v8_0_0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46518.json"