{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-24T11:25:36.006","vulnerabilities":[{"cve":{"id":"CVE-2026-33933","sourceIdentifier":"security-advisories@github.com","published":"2026-03-26T00:16:40.120","lastModified":"2026-03-26T16:17:56.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in an authenticated staff member's browser session by sending them a crafted URL. The attacker does not need an OpenEMR account. Version 8.0.0.3 patches the issue."},{"lang":"es","value":"OpenEMR es una aplicación gratuita y de código abierto de registros de salud electrónicos y gestión de consultorios médicos. A partir de la versión 7.0.2.1 y antes de la versión 8.0.0.3, una vulnerabilidad de cross-site scripting (XSS) reflejado en el editor de plantillas personalizadas permite a un atacante ejecutar JavaScript arbitrario en la sesión del navegador de un miembro del personal autenticado enviándole una URL manipulada. El atacante no necesita una cuenta de OpenEMR. La versión 8.0.0.3 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.2.1","versionEndExcluding":"8.0.0.3","matchCriteriaId":"37A001F6-4070-4BC4-8A5A-B4CCEA856E39"}]}]}],"references":[{"url":"https://github.com/openemr/openemr/commit/d5c8d49ef19983472b2d7db0dbebd2dac9d6a200","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/commit/de9b6eb0da574430e8223c014cf4a05b0adc29d8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openemr/openemr/releases/tag/v8_0_0_3","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-9qh7-cfq4-j7c3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/openemr/openemr/security/advisories/GHSA-9qh7-cfq4-j7c3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}