An issue was discovered in OpenEMR 5.0.1-dev. The vulnerability exists due to insufficient filtration of user-supplied data passed to the “openemr-master/gacl/admin/object_search.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.