Skip to content
搜索以了解InterSystems产品和解决方案,职业机会等。搜索结果包括来自我们的开发者社区、产品文档和教育网站的内容以及 InterSystems.com。

Advisory: Cross-site Scripting Issue in the Clinical Viewer

March 1, 2022 – Advisory: Cross-site Scripting Issue in the Clinical Viewer

InterSystems has corrected a defect which could allow Cross-site scripting (XSS). A crafted payload within certain URI Parameters or HTTP POST Body can lead to arbitrary JavaScript execution in the Clinical Viewer in Health Share Information Exchange 2018.1 and Unified Care Record 2019.1.

The correction for this defect is identified as HSCV-8103/HSCV-8550. It is available via ad hoc change file or full kit distribution from the Worldwide Response Center (WRC). All affected customers are encouraged to request and apply the correction. The correction is included in version 2019.2 and all later product releases.

RELATED TOPICS