CVE-2020-16218

Name of the Vulnerable Software and Affected Versions Patient Information Center iX (PICiX) versions B.02, C.02, C.03

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.

Recommendations For versions B.02, C.02, C.03, consider implementing input validation and sanitization to prevent unauthorized access to patient data. As a temporary workaround, consider restricting access to the read-only web application until a patch is available. Avoid using user-controllable input in the webpage output until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.