{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T16:59:31.873","vulnerabilities":[{"cve":{"id":"CVE-2026-33911","sourceIdentifier":"security-advisories@github.com","published":"2026-03-25T23:17:10.337","lastModified":"2026-03-26T16:23:28.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built with `json_encode()`. Because the response is served with a `text/html` Content-Type, the browser interprets injected HTML/script tags rather than treating the output as JSON. An authenticated attacker can craft a request that executes arbitrary JavaScript in a victim's session. Version 8.0.0.3 contains a fix."},{"lang":"es","value":"OpenEMR es una aplicación gratuita y de código abierto para registros de salud electrónicos y gestión de consultorios médicos. Antes de la versión 8.0.0.3, el parámetro POST 'title' se refleja en una respuesta JSON construida con 'json_encode()'. Debido a que la respuesta se sirve con un Content-Type 'text/html', el navegador interpreta las etiquetas HTML/script inyectadas en lugar de tratar la salida como JSON. Un atacante autenticado puede elaborar una solicitud que ejecuta JavaScript arbitrario en la sesión de una víctima. La versión 8.0.0.3 contiene una corrección."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.0.3","matchCriteriaId":"E3E098AF-42A1-4798-85A7-80052F19F809"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/64e8befa0a49f85dd5e2a85c91f3f8b9e565896f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/releases/tag/v8_0_0_3","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-wwhf-6cvc-6766","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}