📄 Description (English)
OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with the same role. Versions prior to 8.0.0.3 have a stored cross-site scripting (XSS) vulnerability in the function to display the form answers, allowing any authenticated attacker with the specific role to insert arbitrary JavaScript into the system by entering malicious payloads to the form answers. The JavaScript code is later executed by any user with the form role when viewing the form answers in the patient encounter pages or visit history. Version 8.0.0.3 contains a patch.
🤖 AI Executive Summary
OpenEMR versions prior to 8.0.0.3 contain a stored XSS vulnerability in Eye Exam forms that allows authenticated users with 'Notes - my encounters' role to inject malicious JavaScript. The vulnerability affects all users viewing patient encounters and visit history, potentially compromising patient data confidentiality and enabling lateral movement within healthcare systems. This is particularly critical for Saudi healthcare organizations given the sensitivity of medical records and regulatory requirements.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 20:19
🇸🇦 Saudi Arabia Impact Assessment
Healthcare sector organizations in Saudi Arabia using OpenEMR are at critical risk, including private hospitals, clinics, and health information systems. The vulnerability directly impacts SEHA (Ministry of Health) affiliated facilities and private healthcare providers. Patient data confidentiality is compromised, potentially violating GDPR-equivalent regulations and Saudi healthcare data protection standards. The vulnerability enables privilege escalation and lateral movement within hospital networks, affecting Electronic Health Record (EHR) integrity and patient safety systems. Telehealth platforms and integrated healthcare management systems are particularly vulnerable.
🏢 Affected Saudi Sectors
Healthcare
Government Health Services
Private Hospitals and Clinics
Telehealth Providers
Medical Research Institutions
Pharmaceutical Companies
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all OpenEMR instances in your organization and verify current version (check Administration > System > Version)
2. Restrict access to Eye Exam forms to trusted personnel only until patching is complete
3. Review audit logs for suspicious Eye Exam form submissions in the past 90 days
4. Isolate affected systems from critical networks if running versions prior to 8.0.0.3
PATCHING GUIDANCE:
1. Upgrade OpenEMR to version 8.0.0.3 or later immediately
2. Test patches in non-production environment first
3. Backup all patient data before applying patches
4. Verify form rendering after patching to ensure no data loss
COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads in form submissions
2. Disable Eye Exam form functionality until patching is complete
3. Implement strict Content Security Policy (CSP) headers: Content-Security-Policy: default-src 'self'; script-src 'self'
4. Enable HTML entity encoding for all form output
5. Implement input validation to reject special characters in form fields
DETECTION RULES:
1. Monitor for form submissions containing: <script>, javascript:, onerror=, onload=, event handlers
2. Alert on Eye Exam form access by users outside normal business hours
3. Track modifications to encounter pages and visit history records
4. Monitor database queries for unusual Eye Exam form data patterns
5. Log all form submissions with user ID, timestamp, and payload content
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع مثيلات OpenEMR في مؤسستك وتحقق من الإصدار الحالي (تحقق من الإدارة > النظام > الإصدار)
2. قيد الوصول إلى نماذج فحص العيون للموظفين الموثوقين فقط حتى اكتمال التصحيح
3. راجع سجلات التدقيق لتقديمات نماذج فحص العيون المريبة في آخر 90 يوماً
4. عزل الأنظمة المتأثرة عن الشبكات الحرجة إذا كانت تعمل بإصدارات سابقة للإصدار 8.0.0.3
إرشادات التصحيح:
1. قم بترقية OpenEMR إلى الإصدار 8.0.0.3 أو أحدث على الفور
2. اختبر التصحيحات في بيئة غير الإنتاج أولاً
3. قم بعمل نسخة احتياطية من جميع بيانات المرضى قبل تطبيق التصحيحات
4. تحقق من عرض النموذج بعد التصحيح للتأكد من عدم فقدان البيانات
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) للكشف عن حمولات XSS وحجبها
2. تعطيل وظيفة نموذج فحص العيون حتى اكتمال التصحيح
3. تطبيق رؤوس سياسة أمان المحتوى الصارمة: Content-Security-Policy: default-src 'self'; script-src 'self'
4. تفعيل ترميز كيان HTML لجميع مخرجات النموذج
5. تطبيق التحقق من الإدخال لرفض الأحرف الخاصة في حقول النموذج
قواعد الكشف:
1. مراقبة تقديمات النموذج التي تحتوي على: <script>، javascript:، onerror=، onload=، معالجات الأحداث
2. تنبيه الوصول إلى نموذج فحص العيون من قبل المستخدمين خارج ساعات العمل العادية
3. تتبع التعديلات على صفحات اللقاء والسجل الطبي
4. مراقبة استعلامات قاعدة البيانات لأنماط بيانات نموذج فحص العيون غير العادية
5. تسجيل جميع تقديمات النموذج برقم المستخدم والطابع الزمني ومحتوى الحمولة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.14.2.1 - Secure development policy and procedures
A.14.2.5 - Secure development environment
A.12.6.1 - Management of technical vulnerabilities
A.12.2.1 - Audit logging
A.13.1.1 - Network security perimeter
🔵 SAMA CSF
ID.GV-1 - Organizational processes to manage cybersecurity risk
PR.DS-1 - Data security management
PR.DS-2 - Data in transit protection
DE.CM-1 - Detection and analysis
RS.RP-1 - Response planning
🟡 ISO 27001:2022
A.6.1.1 - Information security policies
A.12.2.1 - Audit logging
A.12.6.1 - Management of technical vulnerabilities
A.13.1.1 - Network security perimeter
A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
6.2 - Security patches and updates
6.5.7 - Cross-site scripting prevention
10.2 - Audit logging implementation
10.3 - Log protection and monitoring
🔗 References & Sources 4
🔗
https://github.com/openemr/openemr/commit/f488efbe3eb7f17d0f057f960020cb611149f8a2
security-advisories@github.com
Patch
🔗
https://github.com/openemr/openemr/releases/tag/v8_0_0_3
security-advisories@github.com
Product
🔗
https://github.com/openemr/openemr/security/advisories/GHSA-6ch2-p26g-x33h
security-advisories@github.com
Exploit
Vendor Advisory
🔗
https://github.com/openemr/openemr/security/advisories/GHSA-6ch2-p26g-x33h
134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
📦 Affected Products / CPE 1 entries
open-emr:openemr