Stored Cross-Site Scripting Vulnerability in OpenEMR by OpenEMR
CVE-2025-69231
8.7 HIGH
What is CVE-2025-69231?
A stored cross-site scripting vulnerability exists within the GAD-7 anxiety assessment form in OpenEMR versions prior to 8.0.0. This flaw allows authenticated users with clinician privileges to inject malicious JavaScript code. When other users access the form, this code executes, potentially leading to session hijacking, account takeover, and unauthorized privilege escalation. The vulnerability highlights the importance of secure coding practices and user access management in healthcare applications.
Affected Version(s)
openemr < 8.0.0
