CVE-2023-23637
Description
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.
References
ExploitIssue TrackingPatchThird Party Advisory
PatchThird Party Advisory
Release NotesThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics