Unrated severityOSV Advisory· Published Jan 21, 2026· Updated Mar 5, 2026

OpenEMR 5.0.2.1 - Remote Code Execution

CVE-2021-47817

Description

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.

Affected products

Openemr/OpenemrOSV
Range: v2_7_2, v2_7_2-rc1, v2_7_2-rc2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/49784mitreexploit
blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerabilitymitrevendor-advisory
www.vulncheck.com/advisories/openemr-remote-code-executionmitrethird-party-advisory
sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/downloadmitreproduct
www.open-emr.orgmitreproduct
www.youtube.com/watchmitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000