Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

Home

Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

02 March, 2022

March 1, 2022 – Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

This issue affects HealthShare Patient Index versions 13, 14, 15.032, 2018.1, 2019.1, 2020.1 and 2020.2 and 2021.1.

A correction that addresses improper neutralization of special elements used in a command is available from the WRC as HSPI-2267.

Latest Alerts & Advisories

21 October, 2025

Advisory: Risk of Silent Wrong Results When Using New OFFSET Keyword in SQL Queries

Advisory ID DP-445340

10 October, 2025

Peringatan & Saran Produk

Correction Notice: Updated Alert for DP-442892

This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.

07 October, 2025

Peringatan & Saran Produk

Advisory: SDA3 -> FHIR Transformation Failure

Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.

07 October, 2025

Peringatan & Saran Produk

Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries

Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL

07 October, 2025

Peringatan & Saran Produk

Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries

This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892

30 September, 2025

Peringatan & Saran Produk

Advisory: Missing Globals with Mirror Database Download

In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.

24 September, 2025

Peringatan & Saran Produk

Alert: Transaction Rollbacks Fail When LogRollback is Enabled

Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2

03 September, 2025

Peringatan & Saran Produk

Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names

Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:

24 July, 2025

Peringatan & Saran Produk

Advisory for IRISSECURITY in InterSystems IRIS 2025.2

InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.

24 July, 2025

Peringatan & Saran Produk

InterSystems Announces General Availability of InterSystems IRIS 2025.2

InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).

Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

March 1, 2022 – Advisory: Cross-site Scripting Vulnerability in HealthShare Patient Index

Latest Alerts & Advisories

Membangun aplikasi yang intensif data dan sangat penting dengan InterSystems IRIS. Mulailah koding secara gratis hari ini.