40 matches found
EUVD-2021-1014
Malware in sbrugna...
EUVD-2023-28128
Malicious code in bioql PyPI...
CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
Design/Logic Flaw
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...
CVE-2023-24610
CVE-2023-24610 affects NOSH ChartingSystem (NOSH 4a5cfdb). A remote authenticated user can trigger PHP arbitrary code execution via the “practice logo” upload feature after bypassing client-side checks. Impact per sources includes potential exposure of Protected Health Information due to health-c...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
Cross site scripting
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
NOSH ChartingSystem cross-site scripting vulnerability
NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem. An attacker could exploit the vulnerability to steal protected health information...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
CVE-2023-24065
The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...
CVE-2022-31108
Summary of CVE-2022-31108 (mermaid.js): The vulnerability allows an attacker to inject arbitrary CSS into the generated graph, enabling styling changes to elements outside the SVG and potential information disclosure via CSS selectors that trigger HTTP requests. The issue is tied to how user inp...
MAL-2022-1885 Malicious code in charting-library-angular5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0951e2547b550ff0a715125f78bd5fe0e8f2ed31b905487677cc4bb51b20785 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1886 Malicious code in charting-library-react-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cba3185261bbaca364e13eb20f22442df73c6fa2a62f6387cb1a6215d99ecd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in charting-library-react-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cba3185261bbaca364e13eb20f22442df73c6fa2a62f6387cb1a6215d99ecd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in charting-library-angular5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0951e2547b550ff0a715125f78bd5fe0e8f2ed31b905487677cc4bb51b20785 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @distributedcollective/charting-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 106e4598660bf87b449fb5fff15133f2ecda8ad43b249799bb6932dbf74b50fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...