exploitDog

CVE-2023-7238

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 7.1

CVSS3: 6.1

EPSS Низкий

Описание

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.

Ссылки

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:orthanc-server:osimis_web_viewer:1.4.2.0-9d9eff4:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

7.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-rv57-pvch-f98r

CVSS3: 7.1

github

около 2 лет назад

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.

EPSS

Процентиль: 42%

0.00199

Низкий

7.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79