Описание
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:epic:mychart:-:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06477
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-91
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
EPSS
Процентиль: 91%
0.06477
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-91