PT-2024-15244 · Osimis · Osimis Webviewer

Noam Moshe · Published 2024-01-23 · Updated 2024-01-30 · CVE-2023-7238

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Osimis WebViewer (affected versions not specified)

Description

An XSS payload can be uploaded as a DICOM study; the issue is triggered when a user views the infected study in the Osimis WebViewer. If exploited, the attacker can execute arbitrary JavaScript code inside the victim's browser.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-7238

Affected Products

Osimis Webviewer