{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33303", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T18:55:47.428Z", "datePublished": "2026-03-19T20:25:05.823Z", "dateUpdated": "2026-03-19T20:25:05.823Z"}, "containers": {"cna": {"title": "OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-cp37-pmfx-5mhm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-cp37-pmfx-5mhm"}, {"name": "https://github.com/openemr/openemr/commit/c32139b5144b1c704015221520ad2f931e25f10d", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/c32139b5144b1c704015221520ad2f931e25f10d"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "< 8.0.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T20:25:05.823Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user can set their login username to an XSS payload, which then executes in a clinic staff member's browser when they open the \"Create Portal Login\" page for that patient. This crosses from the patient session context into the staff/admin session context. Version 8.0.0.2 fixes the issue."}], "source": {"advisory": "GHSA-cp37-pmfx-5mhm", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user can set their login username to an XSS payload, which then executes in a clinic staff member's browser when they open the \"Create Portal Login\" page for that patient. This crosses from the patient session context into the staff/admin session context. Version 8.0.0.2 fixes the issue."}], "id": "CVE-2026-33303", "lastModified": "2026-03-20T13:39:46.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:11.540", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/openemr/openemr/commit/c32139b5144b1c704015221520ad2f931e25f10d"}, {"source": "security-advisories@github.com", "url": "https://github.com/openemr/openemr/security/advisories/GHSA-cp37-pmfx-5mhm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0.0.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-03-19T21:50:38.091627+00:00", "value": {"mitigation_remediation": ["Upgrade OpenEMR to version 8.0.0.2 or later."], "summary": {"action": "Patch", "impact": "Stored XSS"}, "threat_synthesis": {"affected_systems": "The affected product is OpenEMR (openemr:openemr). All releases earlier than version 8.0.0.2 contain the flaw; version 8.0.0.2 provides the fix.", "description_and_impact": "OpenEMR versions before 8.0.0.2 allow a stored cross\u2011site scripting (XSS) vulnerability through the unescaped field `portal_login_username` in the portal credential print view. A patient portal user can insert a malicious script in their login username, which is saved and later rendered without proper escaping when a clinic staff member opens the \"Create Portal Login\" page for that patient. The script runs in the staff browser, exposing a cross\u2011domain XSS flaw (CWE\u201179).", "risk_and_exploitability": "The CVSS score for this vulnerability is 5.4, indicating moderate severity. No EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to control a patient portal account and embed a payload in the username. When a staff or admin user visits the affected page, the stored script executes automatically, with no additional interaction needed. Given the moderate CVSS score and the simplicity of the attack path, the overall risk is moderate."}}}}, "created": "2026-03-20T08:56:18.066462+00:00", "updated": "2026-03-20T11:06:27.955304+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}