Lucene search

17 matches found

RedhatCVE
added 2025/05/23 3:20 a.m. | 2 views

CVE-2023-24065

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...

CVSS 5.4 | AI score 6 | EPSS 0.00381
Exploits: 1 | References: 1

OSV
added 2023/02/01 2:15 p.m. | 0 views

CVE-2023-24610

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...

CVSS 8.8 | AI score 6.2
Exploits: 0 | References: 4

NVD
added 2023/02/01 2:15 p.m. | 10 views

CVE-2023-24610

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...

CVSS 8.8 | AI score 8.8 | EPSS 0.16677
Exploits: 1 | References: 4

CVE
added 2023/02/01 12:0 a.m. | 118 views

CVE-2023-24610

CVE-2023-24610 affects NOSH ChartingSystem (NOSH 4a5cfdb). A remote authenticated user can trigger PHP arbitrary code execution via the “practice logo” upload feature after bypassing client-side checks. Impact per sources includes potential exposure of Protected Health Information due to health-c...

CVSS 8.8 | AI score 8.7 | EPSS 0.16677
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2023/02/01 12:0 a.m. | 13 views

CVE-2023-24610

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...

AI score 8.9 | EPSS 0.16677
Exploits: 1 | References: 4

CNNVD
added 2023/02/01 12:0 a.m. | 2 views

NOSH ChartingSystem Code Issue Vulnerability

NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem 4a5cfdb. An attacker can exploit the vulnerability to execute arbitrary PHP code...

CVSS 8.8 | AI score 8.4 | EPSS 0.16677
Exploits: 1 | References: 5

Vulnrichment
added 2023/02/01 12:0 a.m. | 5 views

CVE-2023-24610

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...

AI score 8.8 | EPSS 0.16677
Exploits: 1 | References: 4

NVD
added 2023/01/29 10:15 p.m. | 7 views

CVE-2023-24065

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...

CVSS 5.4 | AI score 5.2 | EPSS 0.00381
Exploits: 1 | References: 5

Prion
added 2023/01/29 10:15 p.m. | 8 views

Cross site scripting

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...

CVSS 4.9 | AI score 5.2 | EPSS 0.00381
Exploits: 1 | References: 5

CNNVD
added 2023/01/29 12:0 a.m. | 1 views

NOSH ChartingSystem Cross-Site Scripting Vulnerability

NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem. An attacker could exploit the vulnerability to steal protected health information...

CVSS 5.4 | AI score 5.8 | EPSS 0.00381
Exploits: 1 | References: 6

CVE
added 2023/01/29 12:0 a.m. | 52 views

CVE-2023-24065

The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00381
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2023/01/29 12:0 a.m. | 12 views

CVE-2023-24065

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...

AI score 5.4 | EPSS 0.00381
Exploits: 1 | References: 5

Cvelist
added 2019/10/02 2:54 p.m. | 11 views

CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable mod...

AI score 9.5 | EPSS 0.10808
Exploits: 2 | References: 1

Prion
added 2018/12/23 9:29 p.m. | 12 views

Design/Logic Flaw

ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

CVSS 5 | AI score 9.4 | EPSS 0.00821
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2014/11/06 3:55 p.m. | 14 views

CVE-2014-8654

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS...

CVSS 6.8 | AI score 7.8 | EPSS 0.03777
Exploits: 2 | References: 9

CVE
added 2014/11/06 3:0 p.m. | 38 views

CVE-2014-8653

CVE-2014-8653 affects Compal Broadband Networks CH6640E/CG6640E Wireless Gateway (model CH6640/CH6640E, firmware CH6640-3.5.11.7-NOSH). The primary issue is an XSS flaw exposed via the userData cookie, enabling remote injection of arbitrary script/HTML. The ZSL report expands this to multiple vul...

CVSS 4.3 | AI score 6 | EPSS 0.11799
Exploits: 2 | References: 6 | Affected Software: 3

Prion
added 2008/04/28 8:5 p.m. | 9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTONINPUT parameter to configdata.html, and (2) cause a denial of...

CVSS 7.8 | AI score 7.7 | EPSS 0.00245
Exploits: 1 | References: 7 | Affected Software: 1