PT-2023-19097 · Impatient · Impatient

Sean-Mcrae · Published 2023-01-17 · Updated 2023-01-25 · CVE-2023-23637

CVSS v3.1: 7.6 High

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: IMPatienT versions prior to 1.5.2

Description: The issue allows stored XSS via onmouseover in certain text fields within a "PATCH /modify onto" request to the ontology builder. This may allow attackers to steal Protected Health Information.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ontology builder and avoiding the use of the onmouseover event in text fields within the "PATCH /modify onto" request until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-23637

Affected Products: Impatient