Skip to content
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Telusuri untuk mempelajari tentang produk dan solusi InterSystems, peluang karier, dan banyak lagi.
Home
Peringatan & Saran Produk
Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

26 Juni, 2023

This problem affects the following products:

  • HealthShare Personal Community: all versions prior to 2023.4

The Personal Community Workbench is used by administrative staff within the organization to manage Personal Community patient accounts. In order to exploit this XSS vulnerability, staff members need to be authorized users, meaning that they have specific role-based access.

Sites should ensure that they are creating Personal Community workbench accounts with a set of roles appropriate for each staff member.

This vulnerability has been corrected as of version 2023.4.

The correction for this defect is identified as HSPC-14126 which will be included in all future product releases. It is also available via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

11 Juni, 2025
Advisory: Namespace Switching and Global Display Failures
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: XDS.b Document Repository Should Be Notify and Query
This issue affects all versions of HealthShare®:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Transform May Discard HL7 Medication Administration Instructions in FHIR Output
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Session Timeout Ineffective for Navigation Application and Clinical Viewer
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: A Second Care Plan Using the Same Patient and Template Prevents Deletion of the Original Care Plan
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Manual Step for ODS Mirror Upgrade
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: PIX Manager Process Causes Requests to Be Associated with Wrong User
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Portal Login Failures with HealthShare Federated SSO
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Error Handling for Patient Registry MPIID Mismatch
This problem affects the following products:
buttonText
21 Mei, 2025
Peringatan & Saran Produk
Advisory: Upgrade Process May Be Delayed Due to OAuth2.0 Metadata Purge
This problem affects the following products:
buttonText