{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-46518/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T13:08:03.185Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-46518","@id":"https://www.cve.org/CVERecord?id=CVE-2026-46518","description":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcss_header(), and portal patients can write attacker-controlled HTML directly into patie"},"products":[{"@id":"cpe:2.3:a:openemr:openemr:\\<_8.0.0.1:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:openemr:openemr:\\<_8.0.0.1:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-10T13:08:03.185Z"}]}