OpenEMR fails to sanitize the pc_category parameter in interface/main/calendar/index.php leading to a Cross-Site Scripting vulnerability. This exploit was tested on OpenEMR 4.0.0 but other versions may also be affected.
Exploit Type
Product Name