This problem affects the following products:
- HealthShare Personal Community: all versions prior to 2023.4
The Personal Community Workbench is used by administrative staff within the organization to manage Personal Community patient accounts. In order to exploit this XSS vulnerability, staff members need to be authorized users, meaning that they have specific role-based access.
Sites should ensure that they are creating Personal Community workbench accounts with a set of roles appropriate for each staff member.
This vulnerability has been corrected as of version 2023.4.
The correction for this defect is identified as HSPC-14126 which will be included in all future product releases. It is also available via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).