LibreHealth EHR is a clinically-focused electronic health record (EHR) system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to execute JavaScript code on the client side.