EIP-2026-110299
PRE-CVEOpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110299. PoCs published by David Shaw.
AI-analyzed exploit summary This is a security advisory detailing a persistent XSS vulnerability in OpenEMR 3.2, where maliciously crafted patient names can execute arbitrary JavaScript, stealing user session cookies. Additionally, it mentions an information disclosure issue due to world-readable sensitive directories.
Description
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
Exploits (1)
This is a security advisory detailing a persistent XSS vulnerability in OpenEMR 3.2, where maliciously crafted patient names can execute arbitrary JavaScript, stealing user session cookies. Additionally, it mentions an information disclosure issue due to world-readable sensitive directories.