CVE-2023-33255

Name of the Vulnerable Software and Affected Versions Papaya Viewer version 1.0.1449

Description An issue was discovered where user-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without sanitization. This allows the injection of arbitrary JavaScript code into image metadata, which is executed when the metadata is displayed in the Papaya web application.

Recommendations For Papaya Viewer version 1.0.1449, as a temporary workaround, consider disabling the loading of user-supplied DICOM or NIFTI images into the Papaya web application until a patch is available. Restrict access to the image metadata display feature to minimize the risk of exploitation. Avoid using the Papaya web application to load untrusted images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.