eClinicalWorks Patient Portal の raceMasterList.jsp における反射型クロスサイトスクリプティングの脆弱性
| Title |
eClinicalWorks Patient Portal の raceMasterList.jsp における反射型クロスサイトスクリプティングの脆弱性
|
| Summary |
eClinicalWorks Patient Portal の raceMasterList.jsp には、反射型クロスサイトスクリプティングの脆弱性が存在します。
|
| Possible impacts |
反射型クロスサイトスクリプティングを実行される可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Jan. 27, 2017, midnight |
| Registration Date |
Feb. 9, 2017, 6:23 p.m. |
| Last Update |
Feb. 9, 2017, 6:23 p.m. |
|
CVSS3.0 : 警告
|
| Score |
6.1
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
CVSS2.0 : 警告
|
| Score |
4.3
|
| Vector |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
Affected System
| eClinicalWorks |
|
Patient Portal 7.0 build 13
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年02月09日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2017-5599
| Summary |
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race.
|
| Publication Date |
Jan. 27, 2017, 7:59 p.m. |
| Registration Date |
Jan. 26, 2021, 1:26 p.m. |
| Last Update |
Nov. 21, 2024, 12:27 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List