Skip to content
Visitar más sitios de InterSystems:
Germany
Alemania
Australia New Zealand
Australia & Nueva Zelanda
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Spain
España
United States
Estados Unidos
Finland
Finlandia
France
Francia
Hungary
Hungría
indonesian flag
Indonesia
Italy
Italia
Japan
Japón
Middle East Region
Oriente Medio
United Kingdom Ireland
Reino Unido & Irlanda
Czech Republic
República Checa
South Africa
Sudáfrica
Middle East Region
Sudeste asiático
Sweden
Suecia
Visitar más sitios de InterSystems:
Germany
Alemania
Australia New Zealand
Australia & Nueva Zelanda
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Spain
España
United States
Estados Unidos
Finland
Finlandia
France
Francia
Hungary
Hungría
indonesian flag
Indonesia
Italy
Italia
Japan
Japón
Middle East Region
Oriente Medio
United Kingdom Ireland
Reino Unido & Irlanda
Czech Republic
República Checa
South Africa
Sudáfrica
Middle East Region
Sudeste asiático
Sweden
Suecia
Puede usar nuestro buscador para encontrar información sobre los productos y soluciones de InterSystems, las oportunidades de desarrollo profesional, los casos de uso, novedades y mucho más.
Home
Product Alerts & Advisories
Advisory: Cross-site Scripting Issue in the Clinical Viewer

Advisory: Cross-site Scripting Issue in the Clinical Viewer

Mar 01 2022

March 1, 2022 – Advisory: Cross-site Scripting Issue in the Clinical Viewer

InterSystems has corrected a defect which could allow Cross-site scripting (XSS). A crafted payload within certain URI Parameters or HTTP POST Body can lead to arbitrary JavaScript execution in the Clinical Viewer in Health Share Information Exchange 2018.1 and Unified Care Record 2019.1.

The correction for this defect is identified as HSCV-8103/HSCV-8550. It is available via ad hoc change file or full kit distribution from the Worldwide Response Center (WRC). All affected customers are encouraged to request and apply the correction. The correction is included in version 2019.2 and all later product releases.
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

Nov 19 2025
Product Alerts & Advisories
InterSystems Announces General Availability of InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect 2025.3
The 2025.3 release of InterSystems IRIS® data platform, InterSystems IRIS® for HealthTM, and HealthShare® Health Connect is now Generally Available (GA). This is a Continuous Delivery (CD) release.
More
Nov 19 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Using Field Expressions Repeatedly in SQL Queries
Product & Versions Affected Risk Category & Score Explicit Requirements DP-445015 InterSystems IRIS® data platform
More
Oct 21 2025
Advisory: Risk of Silent Wrong Results When Using New OFFSET Keyword in SQL Queries
Advisory ID DP-445340
More
Oct 10 2025
Product Alerts & Advisories
Correction Notice: Updated Alert for DP-442892
This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.
More
Oct 07 2025
Product Alerts & Advisories
Advisory: SDA3 -> FHIR Transformation Failure
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
More
Oct 07 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
More
Oct 07 2025
Product Alerts & Advisories
Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries
This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892
More
Sep 30 2025
Product Alerts & Advisories
Advisory: Missing Globals with Mirror Database Download
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
More
Sep 24 2025
Product Alerts & Advisories
Alert: Transaction Rollbacks Fail When LogRollback is Enabled
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
More
Sep 03 2025
Product Alerts & Advisories
Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
More
View All Alerts & Advisories