Skip to content
搜索以了解InterSystems产品和解决方案,职业机会等。

Advisory: Cross-site Scripting Issue in the Clinical Viewer

March 1, 2022 – Advisory: Cross-site Scripting Issue in the Clinical Viewer

InterSystems has corrected a defect which could allow Cross-site scripting (XSS). A crafted payload within certain URI Parameters or HTTP POST Body can lead to arbitrary JavaScript execution in the Clinical Viewer in Health Share Information Exchange 2018.1 and Unified Care Record 2019.1.

The correction for this defect is identified as HSCV-8103/HSCV-8550. It is available via ad hoc change file or full kit distribution from the Worldwide Response Center (WRC). All affected customers are encouraged to request and apply the correction. The correction is included in version 2019.2 and all later product releases.

RELATED TOPICS

最新警报和通知

Aug 21, 2024
InterSystems 已修复了一个缺陷,在极少数情况下,该缺陷可能导致多卷数据库出现数据库损坏或 错误。只有被截断的数据库才存在风险。
Jun 03, 2024
从发布InterSystems IRIS®数据平台2022.3开始,InterSystems修改了许可证强制执行机制,以包括REST和SOAP请求。由于这种变化,在升级后,使用REST或SOAP的非处理器核数的许可证环境下,用户可能会遇到更高的许可证消耗。要确定此警报是否适用于您的InterSystems许可证,请按照下面链接的FAQ中的说明进行操作。
May 01, 2024
InterSystems has corrected an issue that can cause a small number of SQL queries to return incorrect results. See below for the specifics on impacted queries.
Nov 14, 2023
There are 10 alerts in the HealthShare HS2023-02 Alert communication. An alert summary for each issue is shown is in the table below. Details for each alert are contained in the attached document: HS2023-02-Communication.
Jun 17, 2023
InterSystems 已纠正导致进程内存使用量增加的缺陷。
May 11, 2023
InterSystems已经解决了影响Caché、Ensemble、HealthShare、InterSystems IRIS、InterSystems IRIS for Health、HealthShare HealthConnect和TrakCare的安全漏洞。 这些漏洞影响到InterSystems所有版本的产品。
Apr 28, 2023
InterSystems 已修复了一个缺陷,该缺陷可能会导致使用 IBM POWER8 或更高版本的 POWER 处理器的 AIX 系统上的数据库和Journal日志文件损坏。只有在使用数据库或Journal日志加密时才会触发此缺陷。
Apr 11, 2023
InterSystems已修复一个缺陷,该缺陷在罕见情况下会导致ECP客户端不稳定。
Apr 06, 2023
InterSystems 已修复一个导致SQL查询返回不正确结果的缺陷。该缺陷存在于以下产品和基于这些产品的任何InterSystems产品中。