CVE-2021-47817

low-risk

Published 2026-01-21

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Openemr

Affected Vendors

Open-Emr

References (6)

Exploit https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability?utm...

Product https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr...

Exploit https://www.exploit-db.com/exploits/49784

Product https://www.open-emr.org/

Third Party Advisory https://www.vulncheck.com/advisories/openemr-remote-code-execution

Exploit https://www.youtube.com/watch?v=H8VWNwWgYJo&feature=emb_logo

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal