CVE-2025-29772

Description

OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.