Skip to content
Busque para obtener información sobre los productos y soluciones de InterSystems, las oportunidades de carrera y más. Los resultados incluyen contenido de nuestra comunidad de desarrolladores, documentación de productos y sitios web educativos, además de

Advisory: Cross-site Scripting Issue in the Clinical Viewer

March 1, 2022 – Advisory: Cross-site Scripting Issue in the Clinical Viewer

InterSystems has corrected a defect which could allow Cross-site scripting (XSS). A crafted payload within certain URI Parameters or HTTP POST Body can lead to arbitrary JavaScript execution in the Clinical Viewer in Health Share Information Exchange 2018.1 and Unified Care Record 2019.1.

The correction for this defect is identified as HSCV-8103/HSCV-8550. It is available via ad hoc change file or full kit distribution from the Worldwide Response Center (WRC). All affected customers are encouraged to request and apply the correction. The correction is included in version 2019.2 and all later product releases.