Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

Advisory: Stored Cross Site Scripting Can Be Executed in the Personal Community Workbench

This problem affects the following products:

  • HealthShare Personal Community: all versions prior to 2023.4

The Personal Community Workbench is used by administrative staff within the organization to manage Personal Community patient accounts. In order to exploit this XSS vulnerability, staff members need to be authorized users, meaning that they have specific role-based access.
Sites should ensure that they are creating Personal Community workbench accounts with a set of roles appropriate for each staff member.

This vulnerability has been corrected as of version 2023.4.

The correction for this defect is identified as HSPC-14126 which will be included in all future product releases. It is also available via ad hoc change file (patch) or full kit distribution by contacting the Worldwide Response Center (WRC).


Latest Alerts & Advisories

Sign Up Today

Receive notifications on support alerts, critical issues,
fixes, and product releases.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
By submitting this form, you give consent to receive notifications concerning support alerts, critical issues, important updates, fixes, and product releases via email. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.
**By clicking here, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products, offerings, and events.