CVE-2026-33911 | OpenEMR up to 8.0.0.2 POST Parameter json_encode Title cross site scripting (GHSA-wwhf-6cvc-6766)

Inserito da Angelo Barbosa | Mar 26, 2026 | CVE

A vulnerability categorized as problematic has been discovered in OpenEMR. The impacted element is the function json_encode of the component POST Parameter Handler. Executing a manipulation of the argument Title can lead to cross site scripting.

This vulnerability is handled as CVE-2026-33911. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-33911 | OpenEMR up to 8.0.0.2 POST Parameter json_encode Title cross site scripting (GHSA-wwhf-6cvc-6766)

Post correlati

CVE-2024-53056 | Linux Kernel up to 6.11.6 mediatek mtk_crtc_destroy null pointer dereference (c60583a87cb4/4018651ba5c4)

CVE-2024-49824 | IBM Robotic Process Automation up to 21.0.7.18/23.0.18 client-side enforcement of server-side security

VDB-253530 | Google Cloud Projects IAM API projects.serviceAccounts.list pageToken information disclosure

CVE-2024-7025 | Google Chrome up to 129.0.6668.70 Layout integer overflow