Details

    • Complexity:
      Low

      Description

      This xss bug can be exploited when a user clicks on the "Visit Note" link on a patient's page and creates a note with diagnosis: Non-coded <script>alert('xss');</script>.

      The injected JS will be executed back on the patient's page in the diagnosis section.

        Gliffy Diagrams

          Attachments

            Attachments-Category-Modification

              Activity

                People

                • Assignee:
                  dkayiwa Daniel Kayiwa
                  Reporter:
                  isears Isaac Sears
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: