CVE-2019-17179

XSS in library/custom_template/add_template.php in OpenEMR through 5.0.2 allows a malicious user to execute code in the context of a victim’s browser via a crafted list_id query parameter.
Source: NIST
CVE-2019-17179