Skip to content

Instantly share code, notes, and snippets.

[Description]
NOSH 4a5cfdb has a high severity vulnerability in the "practice logo" upload feature
which allows remote authenticated users to upload and execute arbitrary PHP code.
This vulnerability can be exploited by bypassing the client-side checks and uploading a malicious .php file,
leading to RCE and possible server takeover.
[Vulnerability Type]
Unrestricted File Upload
[Vendor of Product]
@abbisQQ
abbisQQ / CVE-2023-24065.txt
Last active January 30, 2023 21:29
CVE-2023-24065
Stored XSS vulnerability in NOSH ChartingSystem version git-4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533 via the create user page.
[Description]
Nosh, as implemented in docker-nosh allows stored XSS via the
create user page. For example, a first name (of a physician,
assistant, or billing user) can have a JavaScript payload that is
executed upon visiting the /users/2/1 page.
Attempted to contact the vendor and have not received a response.
[Vulnerability Type]