CNNVD-202601-3409 Information

CNNVD ID

CNNVD-202601-3409

Related CVE

CVE-2021-47817

• CNNVD Published: 2026-01-21

Description (Chinese)

OpenEMR是OpenEMR社区的一套开源的医疗管理系统。该系统可用于医疗实践管理、电子医疗记录、处方书写和医疗帐单申请。 OpenEMR 5.0.2.1版本存在跨站脚本漏洞，该漏洞源于通过用户配置文件参数存在跨站脚本，可能导致远程命令执行。

Description (English)

OpenEMR is an open-source medical management system for the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing applications. OpenEMR version 5.0.2.1 has a cross-site script loophole, which stems from the existence of a cross-site script through user configuration file parameters, which may lead to remote command execution.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

OpenEMR

Published

2026-01-21

Last Modified

2026-02-24

References

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability?utm_medium=cpc&utm_source=twitter&utm_campaign=openemr&utm_term=security&utm_content=tofu https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download https://www.exploit-db.com/exploits/49784 https://www.open-emr.org/ https://www.vulncheck.com/advisories/openemr-remote-code-execution https://www.youtube.com/watch?v=H8VWNwWgYJo&feature=emb_logo