[Description]
NOSH 4a5cfdb has a high severity vulnerability in the "practice logo" upload feature which allows remote authenticated users to upload and execute arbitrary PHP code. This vulnerability can be exploited by bypassing the client-side checks and uploading a malicious .php file, leading to RCE and possible server takeover.
[Vulnerability Type]
Unrestricted File Upload
[Vendor of Product]
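The missing control in the advisory above is server-side validation of the logo upload. The following is an added example of such a check, not NOSH's own code; the function name, the `$_FILES` field name and the storage directory are assumptions.

```php
<?php
// Added example (not NOSH project code): server-side validation for a
// "practice logo" upload. Function name, field name and paths are assumed.
declare(strict_types=1);

/**
 * Validate an uploaded logo and return the path it was stored under, or throw.
 * Nothing here trusts the browser: not the filename, not the declared type.
 */
function storePracticeLogo(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept a file that actually arrived through the HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > 512 * 1024) {
        throw new RuntimeException('logo too large');
    }
    // Detect the type from the content, never from the client-sent $_FILES['type'].
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $mime    = $finfo->file($file['tmp_name']);
    $allowed = ['image/png' => true, 'image/jpeg' => true, 'image/gif' => true];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("disallowed content type: $mime");
    }
    // Decode with GD: a file that is not a real image is rejected here, and
    // re-encoding drops metadata and extra chunks where a payload could hide.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('file is not a decodable image');
    }
    // Server-chosen random name and server-chosen extension; the original
    // filename (for example "logo.php") is never used for anything.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, $dest)) {
        throw new RuntimeException('could not write logo');
    }
    return $dest;
}

// Usage sketch (assumed field name). $storageDir should live outside the web
// root, or in a directory the web server is configured never to execute from.
// $path = storePracticeLogo($_FILES['logo'], '/var/app/storage/logos');
```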
Stored XSS vulnerability in NOSH ChartingSystem version git-4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533 via the create user page.
[Description]
NOSH, as implemented in docker-nosh, allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can contain a JavaScript payload that is executed upon visiting the /users/2/1 page.
Attempted to contact the vendor and have not received a response.
[Vulnerability Type]