Product
medium
advisory
OpenEMR Stored XSS Vulnerability in CCDA Document Preview (CVE-2026-33932)
2 rules 1 TTPA stored cross-site scripting (XSS) vulnerability in OpenEMR's CCDA document preview (CVE-2026-33932) allows an attacker to execute arbitrary JavaScript in a clinician's browser session by uploading a malicious CCDA document.
OpenEMR
xss
cve-2026-33932
health-records
2r
1t
high
advisory
OpenEMR PostCalendar Blind SQL Injection Vulnerability (CVE-2026-33914)
2 rules 2 TTPsA blind SQL injection vulnerability exists in the PostCalendar module of OpenEMR versions prior to 8.0.0.3 due to improper sanitization of the `dels` POST parameter, potentially allowing attackers to execute arbitrary SQL commands.
OpenEMR
sql-injection
cve-2026-33914
web-application
2r
2t