We found results for “


Date: March 22, 2021


In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.


The module `OpenEMR` can be abused by Stored Cross-Site Scripting vulnerability since it performs improper validation on the input sent to the allergies `Title` field of patient details, before rendering the patient details in the reports page. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.

PoC Details

Login as administrator to the OpenEMR application. After login, create a new patient. After creating a new patient the site will navigate to the Medical Record Dashboard screen. Here click on `edit` of Allergies option to add medical details of the patient. Then click on the Add button to add allergies related medical issues of the patient. Select the issue type and place the given payload in this title field, then click on the save button.Then navigate to Reports tab in the Dashboard which displays the patient's details as a report, and the appended payload will get executed here.

PoC Code

<svg onload="javascript:alert('Stored XSS in add allergies title field of patient details')" xmlns="#"></svg>

Affected Environments

2.7.3-rc1 - 6.0.0


Upgrade to version

Language: PHP

Good to know:


Cross-Site Scripting (XSS)


Upgrade Version

Upgrade to version v6_0_0_1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: