Vulnerability Description
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nosh Chartingsystem Project | Nosh Chartingsystem | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/abbisQQ/e0967d5b8355087c8e224bdd1ace3bf3 (Third Party Advisory)
- https://github.com/shihjay2/docker-nosh (Third Party Advisory)
- https://github.com/shihjay2/nosh2/issues/202 (Exploit, Third Party Advisory)
- https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533 (Third Party Advisory)
- https://noshemr.wordpress.com (Product, Third Party Advisory)
FAQ
What is CVE-2023-24065?
CVE-2023-24065 is a vulnerability with a CVSS score of 5.4 (MEDIUM). NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/...
How severe is CVE-2023-24065?
CVE-2023-24065 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24065?
Check the references section above for vendor advisories and patch information. Affected products include: Nosh Chartingsystem (Nosh Chartingsystem Project).