CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22725
https://notcve.org/view.php?id=CVE-2024-22725
24 Jan 2024 — Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting. Las versiones de Orthanc anteriores a la 1.12.2 se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada. La vulnerabilidad estaba presente en el informe de errores del servidor. • https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7238 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer
https://notcve.org/view.php?id=CVE-2023-7238
23 Jan 2024 — A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser. Se puede cargar un payload XSS como un estudio DICOM y cuando un usuario intenta ver el estudio infectado dentro de Osimis WebViewer, se activa la vulnerabilidad XSS. Si se explota, el atacante podrá ejecutar código JavaScript arbitrario dentro... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33466 – Debian Security Advisory 5473-1
https://notcve.org/view.php?id=CVE-2023-33466
29 Jun 2023 — Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). Orthanc antes de 1.12.0 permite a los usuarios autenticados con acceso a la API de Orthanc sobrescribir archivos arbitrarios en el sistema de archivos y, en escenarios de implementación específicos, permite al atacante sobrescribir... • https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568 • CWE-94: Improper Control of Generation of Code ('Code Injection') •