Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

Home

Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

Mar 01, 2022

March 1, 2022 – Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

This issue affects HealthShare Patient Index versions 13, 14, 15.032, 2018.1, 2019.1, 2020.1 and 2020.2 and 2021.1.

A correction that addresses improper neutralization of special elements used in a command is available from the WRC as HSPI-2267.

Latest Alerts & Advisories

Oct 10, 2025

Product Alerts & Advisories

Correction Notice: Updated Alert for DP-442892

This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.

Oct 07, 2025

Product Alerts & Advisories

Advisory: SDA3 -> FHIR Transformation Failure

Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.

Oct 07, 2025

Product Alerts & Advisories

Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries

Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL

Oct 07, 2025

Product Alerts & Advisories

Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries

This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892

Sep 30, 2025

Product Alerts & Advisories

Advisory: Missing Globals with Mirror Database Download

In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.

Sep 24, 2025

Product Alerts & Advisories

Alert: Transaction Rollbacks Fail When LogRollback is Enabled

Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2

Sep 03, 2025

Product Alerts & Advisories

Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names

Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:

Jul 23, 2025

Product Alerts & Advisories

Advisory for IRISSECURITY in InterSystems IRIS 2025.2

InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.

Jul 23, 2025

Product Alerts & Advisories

InterSystems Announces General Availability of InterSystems IRIS 2025.2

InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).

Jun 10, 2025

Advisory: Namespace Switching and Global Display Failures

Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:

View All Alerts & Advisories

Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

March 1, 2022 – Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

Latest Alerts & Advisories

Construya aplicaciones de datos intensivos y de misión crítica con InterSystems IRIS. Empieza a codificar gratis hoy mismo.