Skip to content
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Telusuri untuk mempelajari tentang produk dan solusi InterSystems, peluang karier, dan banyak lagi.
Home
Peringatan & Saran Produk
Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

26 Juni, 2023

This problem affects the following products:

  • HealthShare Personal Community: all versions prior to 2023.4

The Personal Community Workbench is used by administrative staff within the organization to manage Personal Community patient accounts. In order to exploit this XSS vulnerability, staff members need to be authorized users, meaning that they have specific role-based access.

Sites should ensure that they are creating Personal Community workbench accounts with a set of roles appropriate for each staff member.

This vulnerability has been corrected as of version 2023.4.

The correction for this defect is identified as HSPC-14126 which will be included in all future product releases. It is also available via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

17 April, 2025
Peringatan & Saran Produk
InterSystems Security Public Notification
InterSystems has addressed security vulnerabilities that impact applications using OAuth2 Client configurations on InterSystems IRIS, InterSystems IRIS for Health, HealthShare, HealthShare HealthConnect, TrakCare, Caché, and Ensemble. Remediation steps and additional guidance documentation are available from the InterSystems Worldwide Response Center (WRC).
buttonText
02 April, 2025
Peringatan & Saran Produk
April 2, 2025 – Alert: InterSystems IRIS 2024.3 – AIX JSON Parsing Issue & IntegratedML Incompatibilities
Product & Versions Affected Explicit Requirements DP-439207 InterSystems IRIS® data platform 2024.3 (AIX) AIX installations Using JSON processing and Unicode non-Latin-1 character sets DP-439280 InterSystems IRIS 2024.3 (containers with IntegratedML) IntegratedML Containers using TensorFlow
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Patient Access Events Should Be Recorded by Client ID for CMS-0057
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Patient Delete API Now Available
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: FHIR Server Search Chaining May Return Incomplete or Incorrect Results on Certain Parameters
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: FHIR Session Flush Can Result in Consent Failure
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: DSUB ATNA Logging Creates Orphaned Messages and Global Growth
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Clinical Viewer User Security Group May Be Incorrect When Under Heavy Load
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Non-Unique Aggregation Keys Can Cause Key Collisions on Pure Query Edge Gateways
This problem affects the following products:
buttonText
04 Maret, 2025
Peringatan & Saran Produk
Advisory: Error in the Matching Weight for Name Frequency when Using a Non-Default Locale in Patient Index
This problem affects the following products:
buttonText