Skip to content
Explorar mais sites da InterSystems:
New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Explorar mais sites da InterSystems:
New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
indonesian flag
Indonesia
Italy
Italy
Japan
Japan
Middle East Region
Middle East
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Pesquise para saber mais sobre produtos e soluções da InterSystems, oportunidades de carreira e muito mais.
Home
Product Alerts & Advisories
Advisory: Cross-site Scripting Issue in the Clinical Viewer

Advisory: Cross-site Scripting Issue in the Clinical Viewer

Mar 01, 2022

March 1, 2022 – Advisory: Cross-site Scripting Issue in the Clinical Viewer

InterSystems has corrected a defect which could allow Cross-site scripting (XSS). A crafted payload within certain URI Parameters or HTTP POST Body can lead to arbitrary JavaScript execution in the Clinical Viewer in Health Share Information Exchange 2018.1 and Unified Care Record 2019.1.

The correction for this defect is identified as HSCV-8103/HSCV-8550. It is available via ad hoc change file or full kit distribution from the Worldwide Response Center (WRC). All affected customers are encouraged to request and apply the correction. The correction is included in version 2019.2 and all later product releases.
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

Nov 19, 2025
Product Alerts & Advisories
InterSystems Announces General Availability of InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect 2025.3
The 2025.3 release of InterSystems IRIS® data platform, InterSystems IRIS® for HealthTM, and HealthShare® Health Connect is now Generally Available (GA). This is a Continuous Delivery (CD) release.
More
Nov 19, 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Using Field Expressions Repeatedly in SQL Queries
Updated Nov 25, 2025 to reflect the complete list of fixes required for ad hoc requests.
More
Oct 21, 2025
Advisory: Risk of Silent Wrong Results When Using New OFFSET Keyword in SQL Queries
Advisory ID DP-445340
More
Oct 10, 2025
Product Alerts & Advisories
Correction Notice: Updated Alert for DP-442892
This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.
More
Oct 07, 2025
Product Alerts & Advisories
Advisory: SDA3 -> FHIR Transformation Failure
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
More
Oct 07, 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
More
Oct 07, 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries
This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892
More
Sep 30, 2025
Product Alerts & Advisories
Advisory: Missing Globals with Mirror Database Download
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
More
Sep 24, 2025
Product Alerts & Advisories
Alert: Transaction Rollbacks Fail When LogRollback is Enabled
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
More
Sep 03, 2025
Product Alerts & Advisories
Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
More
View All Alerts & Advisories