High Vulnerability in Orthanc Osimis DICOM Web Viewer

The cross-site scripting (XSS) vulnerability could result in arbitrary code execution in the targeted user's browser

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Orthanc have released a security bulletin addressing a high-severity vulnerability affecting the Osimis DICOM Web Viewer.

The vulnerability, tracked as CVE-2023-7238, is a cross-site scripting (XSS) vulnerability. It can be exploited if an XSS payload is uploaded as a DICOM study and that study is then viewed by a user inside the Osimis WebViewer. This could allow an attacker to execute arbitrary code in the targeted user's browser.
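The defensive pattern for this class of bug, as an added example that is not Orthanc's or Osimis's code: DICOM tag values arrive with the study and are untrusted, so a viewer must escape them before inserting them into the page. The tag names and the sample study below are constructed for illustration.

```javascript
// Added example, not Orthanc/Osimis code. Shows why interpolating DICOM tag
// values straight into viewer markup is dangerous, the escaped alternative,
// and an ingest-time check a defender can run. Sample data is constructed.

// Escape the five characters that let text break out of an HTML context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: tag values are dropped into markup as-is, so whatever a
// study carries in a text attribute is parsed as HTML by the user's browser.
function renderUnsafe(tags) {
  return Object.entries(tags)
    .map(([name, value]) => `<li><b>${name}</b>: ${value}</li>`)
    .join("");
}

// Hardened pattern: every name and value is escaped before it reaches the
// DOM, so study metadata can only ever be displayed as inert text.
function renderSafe(tags) {
  return Object.entries(tags)
    .map(([name, value]) => `<li><b>${escapeHtml(name)}</b>: ${escapeHtml(value)}</li>`)
    .join("");
}

// Detection helper for the server side: list text tags that contain markup
// characters, so a study can be reviewed before anyone opens it in a viewer.
function findMarkupInTags(tags) {
  return Object.entries(tags)
    .filter(([, value]) => /[<>]/.test(String(value)))
    .map(([name]) => name);
}

// Constructed sample: metadata as a viewer might receive it from a DICOM server.
const sampleStudy = {
  PatientName: "DOE^JANE",
  StudyDescription: "<b>CT</b> chest <i>contrast</i>", // markup hidden in a text tag
  Modality: "CT",
};

console.log(renderUnsafe(sampleStudy));      // markup survives and would be parsed
console.log(renderSafe(sampleStudy));        // markup shown literally as text
console.log(findMarkupInTags(sampleStudy));  // ["StudyDescription"]
```

The same escaping must be applied to every field the viewer renders, including attribute contexts, not only the ones shown here.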


Remediation advice

Affected organisations are encouraged to review the Orthanc security bulletin and apply the relevant updates.



Last edited: 25 January 2024 12:08 pm