CVE-2022-37461

CVE-2022-37461

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.

Source: CVE-2022-37461

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다