Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the `xl()` translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts (`xlt()` for HTML, `xla()` for attributes, `xlj()` for JavaScript), there are places in the codebase where `xl()` output is used directly without escaping. If an attacker could insert malicious content into the translation database, these unescaped outputs could lead to XSS. Version 8.0.0 fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Emr | Openemr | < 8.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/openemr/openemr/commit/b1e3fe8a9ed8bcaf17e0b73d7fad5434f9fe36Patch
- https://github.com/openemr/openemr/security/advisories/GHSA-3f9j-cqjj-7h46Vendor AdvisoryMitigation
FAQ
What is CVE-2026-21443?
CVE-2026-21443 is a vulnerability with a CVSS score of 6.1 (MEDIUM). OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the `xl()` translation function returns unescaped strings. While wrappe...
How severe is CVE-2026-21443?
CVE-2026-21443 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-21443?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Emr Openemr.