NotCVE - vendor:"Orthanc-server" product:"Orthanc" version:"

2 results (0.005 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-22725

https://notcve.org/view.php?id=CVE-2024-22725

24 Jan 2024 — Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting. Las versiones de Orthanc anteriores a la 1.12.2 se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada. La vulnerabilidad estaba presente en el informe de errores del servidor. • https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-33466 – Debian Security Advisory 5473-1

https://notcve.org/view.php?id=CVE-2023-33466

29 Jun 2023 — Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). Orthanc antes de 1.12.0 permite a los usuarios autenticados con acceso a la API de Orthanc sobrescribir archivos arbitrarios en el sistema de archivos y, en escenarios de implementación específicos, permite al atacante sobrescribir... • https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568 • CWE-94: Improper Control of Generation of Code ('Code Injection') •