In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the
software does not neutralize or incorrectly neutralizes
user-controllable input before it is placed in output that is then used
as a webpage and served to other users. Successful exploitation could
lead to unauthorized access to patient data via a read-only web
application.
CPE | Name | Operator | Version |
---|---|---|---|
patient_information_center_ix | eq | .2.0-b | |
patient_information_center_ix | eq | .2.0-c | |
patient_information_center_ix | eq | .3.0-c |