CVE-2025-31121
MEDIUMOpenEMR < 7.0.3.1 - Stored Cross-Site Scripting via EXIF Title in Patient Image
Title source: llmDescription
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/openemr/openemr/security/advisories/GHSA-2w94-qmj6-3qxx
Scores
CVSS v3
5.4
EPSS
0.1054
EPSS Percentile
93.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
open-emr/openemr
< 7.0.3.1
Published
Apr 01, 2025
Tracked Since
Feb 18, 2026