A vulnerability was found in frankverbeke OpenClinic GA up to 5.351.19 . It has been declared as problematic . This issue affects some unknown processing of the file popup.jsp of the component Upload DICOM Image Feature . The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-25860 . It is possible to launch the attack remotely. No exploit is available.