CVE-2014-5452

2014-09-02T10:55:00
ID CVE-2014-5452
Type cve
Reporter cve@mitre.org
Modified 2016-12-22T02:59:00

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations.