CVE-2014-5452

2014-09-02T06:55:04
ID CVE-2014-5452
Type cve
Reporter NVD
Modified 2016-12-21T21:59:16

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations.