CVE-2022-37461 Multiple XSS vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow attackers to inject arbitrary web script or HTML.

There are also XSS vulnerabilities in the (1) Edit Data Form, (2) Filter Form, and (3) Approve Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. There are also XSS vulnerabilities in the (1) Search Form, (2) Report Form, (3) Add New Data Form, and (4) Captcha Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. Unfortunately, there is a risk of an attacker retrieving patient information. There are XSS vulnerabilities in the (1) Add New Data Form, (2) Filter Form, and (3) Approve Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. Unfortunately, there is a risk of an attacker retrieving patient information. There are XSS vulnerabilities in the (1) Search Form, (2) Report Form, (3) Add New Data Form, and (4) Captcha Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. Unfortunately, there is a risk of an attacker retrieving patient information. There are XSS vulnerabilities in the (1) Edit Data Form, (2) Filter Form, and (3) Approve Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. There are also X

Bugbounty Program

This article has been submitted to the bug bounty program at "HackerOne"

In order to report a vulnerability in our code, please contact us via this link:
https://hackerone.com/healthcare-information-systems-doctor/reports/CVE-2022-37461

Summary

There are also XSS vulnerabilities in the (1) Edit Data Form, (2) Filter Form, and (3) Approve Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. There are also XSS vulnerabilities in the (1) Search Form, (2) Report Form, (3) Add New Data Form, and (4) Captcha Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking. There are XSS vulnerabilities in the (1) Add New Data Form, (2) Filter Form, and (3) Approve Form pages. This allows an attacker to inject arbitrary HTML or script, which may lead to session hijacking.

Timeline

Published on: 09/30/2022 14:15:00 UTC
Last modified on: 10/04/2022 16:29:00 UTC

References