CVE-2021-47817

5.4 MEDIUM

📋 TL;DR

OpenEMR 5.0.2.1 contains a stored cross-site scripting vulnerability in user profile parameters that allows authenticated attackers to inject malicious JavaScript. This can lead to remote command execution through web shell download and execution. Only authenticated users can exploit this vulnerability.

💻 Affected Systems

Products:
  • OpenEMR
Versions: 5.0.2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining remote command execution, data exfiltration, and persistent access through web shells.

🟠

Likely Case

Unauthorized data access, session hijacking, and limited command execution within the OpenEMR application context.

🟢

If Mitigated

Limited impact with proper input validation and output encoding preventing JavaScript execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but payload execution is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.2.2 and later

Vendor Advisory: https://www.open-emr.org/

Restart Required: No

Instructions:

1. Download the latest OpenEMR version from the official site.
2. Back up the current installation.
3. Replace the vulnerable files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for user profile parameters to filter JavaScript and special characters.

Modify user profile handling code to sanitize inputs before processing

🧯 If You Can't Patch

  • Implement web application firewall with XSS protection rules
  • Restrict user profile modification permissions to trusted administrators only

🔍 How to Verify

Check if Vulnerable:

Check OpenEMR version in admin interface or via version.php file.

Check Version:

grep -r '\$openemr_version' /path/to/openemr/interface/globals.php

Verify Fix Applied:

Test user profile parameter injection with test payloads after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user profile modifications
  • JavaScript payloads in POST requests to user profile endpoints

Network Indicators:

  • HTTP requests with JavaScript in user profile parameters
  • Unexpected outbound connections after profile updates

SIEM Query:

source="web_logs" AND (uri_path="/interface/usergroup/user_info.php" OR uri_path="/interface/usergroup/user_settings.php") AND (http_method="POST" OR http_method="PUT") AND (request_body CONTAINS "<script>" OR request_body CONTAINS "javascript:")
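The same detection logic as the SIEM query above, expressed as a small offline scanner, is shown here as an added example that is not part of this advisory or of OpenEMR. It assumes a hypothetical one-JSON-record-per-line web log with the fields `uri_path`, `http_method` and `request_body` (the sample records are constructed). It goes slightly beyond the query in two ways a practitioner would want: the match is case-insensitive, and the request body is percent-decoded before matching, so a payload submitted URL-encoded (as browsers do with form fields) is not missed by a plain substring check.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed sample log records (not real OpenEMR or web-server output).
# Record 1 carries an inline script tag; record 4 carries a percent-encoded
# "javascript:" URI; records 0, 2 and 3 are benign, off-endpoint or read-only;
# record 5 is deliberately malformed to exercise the parse-error path.
SAMPLE_LOGS = [
    '{"uri_path": "/interface/usergroup/user_info.php", "http_method": "POST", "request_body": "fname=Alice&lname=Smith"}',
    '{"uri_path": "/interface/usergroup/user_settings.php", "http_method": "POST", "request_body": "fname=<script>alert(1)</script>"}',
    '{"uri_path": "/interface/usergroup/user_info.php", "http_method": "GET", "request_body": ""}',
    '{"uri_path": "/interface/main/main.php", "http_method": "POST", "request_body": "x=javascript:void(0)"}',
    '{"uri_path": "/interface/usergroup/user_info.php", "http_method": "PUT", "request_body": "url=JAVASCRIPT%3Aalert(1)"}',
    'this line is not json',
]

# Endpoints and methods taken from the SIEM query in the advisory.
PROFILE_ENDPOINTS = {
    "/interface/usergroup/user_info.php",
    "/interface/usergroup/user_settings.php",
}
WRITE_METHODS = {"POST", "PUT"}

# Same two markers the SIEM query looks for, but matched case-insensitively.
PAYLOAD_RE = re.compile(r"<script|javascript:", re.IGNORECASE)


def normalize_body(body: str, rounds: int = 2) -> str:
    """Percent-decode the request body a bounded number of times.

    Two rounds catch single and double URL-encoding without looping forever
    on bodies that keep changing under decoding.
    """
    for _ in range(rounds):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body


def is_suspicious(record: dict) -> "re.Match | None":
    """Return the payload match if this record writes a script marker to a profile endpoint."""
    if record.get("uri_path") not in PROFILE_ENDPOINTS:
        return None
    if record.get("http_method", "").upper() not in WRITE_METHODS:
        return None
    return PAYLOAD_RE.search(normalize_body(record.get("request_body", "")))


def scan(lines) -> list:
    """Scan JSON-per-line log records; return one hit dict per suspicious request.

    Unparseable lines are skipped rather than aborting the scan, which is what
    you want when tailing a live log.
    """
    hits = []
    for index, line in enumerate(lines):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        match = is_suspicious(record)
        if match:
            hits.append({
                "index": index,
                "uri_path": record["uri_path"],
                "http_method": record["http_method"],
                "marker": match.group(0),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit['index']}: {hit['http_method']} {hit['uri_path']} matched {hit['marker']!r}")
```

Against the constructed sample, only records 1 and 4 are flagged: the GET on the profile page, the script-free profile update and the `javascript:` body sent to an unrelated endpoint all fall outside the query's scope, exactly as they would in the SIEM. Note that the decoded match on record 4 is the kind of hit the raw `CONTAINS "javascript:"` clause would miss, so if the SIEM cannot decode bodies at search time, consider normalizing the field at ingest.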
