Tag
A stored cross-site scripting (XSS) vulnerability in OpenEMR's CCDA document preview (CVE-2026-33932) allows an attacker to execute arbitrary JavaScript in a clinician's browser session by uploading a malicious CCDA document.