Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer
CVE-2023-7238

7.1HIGH

Key Information:

Vendor: Orthanc
Status: Osimis Dicom Web Viewer
Vendor: CVE Published:; 23 January 2024

What is CVE-2023-7238?

An XSS vulnerability exists in the Osimis WebViewer, allowing attackers to upload a malicious payload as a DICOM study. When users attempt to view the infected study, the vulnerability is triggered, enabling the execution of arbitrary JavaScript code in the victim's browser. This security flaw compels users of Osimis WebViewer to exercise caution when handling DICOM studies, as it can lead to unauthorized actions and data breaches.

Affected Version(s)

Osimis DICOM Web Viewer 1.4.2.0-9d9eff4

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

government-resource

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 22, 2024

Credit

Noam Moshe of Claroty Team82