CVE-2025-67491

Exploit

EPSS 0.25%
Veröffentlicht 25.02.2026 00:31:11
Zuletzt bearbeitet 25.02.2026 17:01:48
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenEMR has Stored XSS in ub04 helper

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is passed in a click event handler enclosed in single quotes without proper sanitization. Thus, despite `json_encode` a malicious user can still inject a payload such as ` ac' ><img src=x onerror=alert(document.cookie)> ` to trigger the bug. This vulnerability allows low privileged users to embed malicious JS payloads on the server and perform stored XSS attack. This, in turn makes it possible for malicious users to steal the session cookies and perform unauthorized actions impersonating administrators. Version 7.0.4 patches the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-emr ≫ Openemr Version >= 5.0.0.5 < 7.0.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.156

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	8.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/openemr/openemr/security/advisories/GHSA-5fq8-jwvw-3m5w

Vendor Advisory

Exploit

https://github.com/openemr/openemr/blob/a65b11d8b8e973b8758ce0dc3efb4b6ec0466d85/interface/billing/ub04_helpers.php#L52-L60

Patch

https://github.com/openemr/openemr/commit/66a11c2d72ade16c4a908cd839d27cd7b261f97a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-67491

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67491

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67491

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-67491