Cross-Site Scripting Vulnerability in HL7 C-CDA by HL7
CVE-2014-3861

Currently unrated

Key Information:

Vendor: Hl7
Status: C-cda
Vendor: CVE Published:; 2 September 2014

What is CVE-2014-3861?

A vulnerability exists in the CDA.xsl file of HL7 C-CDA 1.1 and earlier versions, allowing remote attackers to exploit Cross-Site Scripting (XSS). By injecting crafted reference elements within a nonXMLBody element, these attackers can execute arbitrary web scripts or HTML, posing significant risks to web security. This vulnerability underlines the importance of securing web applications against XSS attacks.

References

http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesh...

x_refsource_CONFIRM

http://gforge.hl7.org/gf/project/strucdoc/frs/?action=Frs...

x_refsource_CONFIRM

http://smartplatforms.org/2014/04/security-vulnerabilitie...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2014
Vulnerability Reserved
May 25, 2014

Hl7

What is CVE-2014-3861?

References

Timeline