The four OpenEMR vulnerabilities were: Command injection. Persistent Cross-site scripting (XSS) Insecure API permissions. SQL injection. The Patient Portal of OpenEMR provides patients options to perform various manual tasks online, such as communication with doctors, filling new patient registration forms, taking appointments, viewing lab test ....