Skip to content
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Jelajahi lebih banyak situs InterSystems:
South Africa
Afrika Selatan
United States
Amerika Serikat
Middle East Region
Asia Tenggara
Australia New Zealand
Australia & Selandia Baru
Benelux
Benelux:
Benelux:
Brazil
Brasil
Chile
Chile
China
China
Finland
Finlandia
Hungary
Hongaria
United Kingdom Ireland
Inggris Raya & Irlandia
indonesian flag
Indonesia
Italy
Italia
Japan
Jepang
Germany
Jerman
France
Prancis
Czech Republic
Republik Ceko
Spain
Spanyol
Sweden
Swedia
Middle East Region
Timur Tengah
Telusuri untuk mempelajari tentang produk dan solusi InterSystems, peluang karier, dan banyak lagi.
Home
Peringatan & Saran Produk
Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

26 Juni, 2023

This problem affects the following products:

  • HealthShare Personal Community: all versions prior to 2023.4

The Personal Community Workbench is used by administrative staff within the organization to manage Personal Community patient accounts. In order to exploit this XSS vulnerability, staff members need to be authorized users, meaning that they have specific role-based access.

Sites should ensure that they are creating Personal Community workbench accounts with a set of roles appropriate for each staff member.

This vulnerability has been corrected as of version 2023.4.

The correction for this defect is identified as HSPC-14126 which will be included in all future product releases. It is also available via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).
RELATED TOPICS
HealthShare

Latest Alerts & Advisories

21 Oktober, 2025
Advisory: Risk of Silent Wrong Results When Using New OFFSET Keyword in SQL Queries
Advisory ID DP-445340
buttonText
10 Oktober, 2025
Peringatan & Saran Produk
Correction Notice: Updated Alert for DP-442892
This alert supersedes the version issued on October 7, 2025. The original alert listed incorrect affected and fixed versions.
buttonText
07 Oktober, 2025
Peringatan & Saran Produk
Advisory: SDA3 -> FHIR Transformation Failure
Risk Category & Score Explicit Requirements HSHC-5268 HealthShare® Health Connect and InterSystems IRIS® for Health versions 2025.1.1 Functional: Medium Risk Occurs when performing SDA3 -> FHIR transformations involving the Encounter resource.
buttonText
07 Oktober, 2025
Peringatan & Saran Produk
Alert: Risk of Silent Wrong Results When Unused Common Table Expressions Appear in SQL Queries
Risk Category & Score Explicit Requirements DP-443396 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2024.1.0 – 2024.1.4, 2024.2.0, 2024.3.0, and 2025.1.0, and 2025.1.1 HealthShare® Unified Care Record versions 2024.2 and 2025.1 Wrong Results: Low Risk Using Common Table Expressions in Dynamic SQL
buttonText
07 Oktober, 2025
Peringatan & Saran Produk
Alert: Risk of Silent Wrong Results When Using Specific OUTER JOIN Patterns in SQL Queries
This alert has been corrected - please see: October 10 - Correction Notice: Updated Alert for DP-442892
buttonText
30 September, 2025
Peringatan & Saran Produk
Advisory: Missing Globals with Mirror Database Download
In InterSystems IRIS, InterSystems IRIS for Health, and HealthShare Health Connect, versions 2025.1.1 and 2025.2.0, the new “ Mirror Database Download” functionality does not include certain globals.
buttonText
24 September, 2025
Peringatan & Saran Produk
Alert: Transaction Rollbacks Fail When LogRollback is Enabled
Risk Category & Score Explicit Requirements DP-444551 InterSystems IRIS® data platform InterSystems IRIS® for Health HealthShare® Health Connect versions 2025.1.0, 2025.1.1, and 2025.2
buttonText
03 September, 2025
Peringatan & Saran Produk
Alert: Upgrade Failure in IRIS 2025.1.1.308.0 due to Reserved Web Application Names
Risk Category & Score Explicit Requirements DP-442440 InterSystems IRIS ® data platform 2025.1.1.308.0 InterSystems IRIS for Health HealthShare® Health Connect Operational:
buttonText
24 Juli, 2025
Peringatan & Saran Produk
Advisory for IRISSECURITY in InterSystems IRIS 2025.2
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
buttonText
24 Juli, 2025
Peringatan & Saran Produk
InterSystems Announces General Availability of InterSystems IRIS 2025.2
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
buttonText