Uploaded image for project: 'Reference Application'
  1. Reference Application
  2. RA-452 XSS vulnerabilities in Ref App 2.x
  3. RA-1318

Stored XSS in Diagnoses section of patient.page

    XMLWordPrintable

    Details

    • Complexity:
      Low

      Description

      This xss bug can be exploited when a user clicks on the "Visit Note" link on a patient's page and creates a note with diagnosis: Non-coded <script>alert('xss');</script>.

      The injected JS will be executed back on the patient's page in the diagnosis section.

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              dkayiwa Daniel Kayiwa
              Reporter:
              isears Isaac Sears
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: