Last active January 30, 2023 21:29
Stored XSS vulnerability in NOSH ChartingSystem version git-4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533 via the create user page.
NOSH, as implemented in docker-nosh, allows stored XSS via the
create user page. For example, a first name (of a physician,
assistant, or billing user) can contain a JavaScript payload that is
executed when the /users/2/1 page is visited.
Attempted to contact the vendor and have not received a response.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
[Affected Product Code Base]
NOSH ChartingSystem - Version git-4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
[Affected Component]
The Create user functionality is vulnerable
[Attack Type]
[CVE Impact Other]
JavaScript code execution in the user's browser.
# This vulnerability has a CVSS score of 4.3
# More information:
Mr Charalampos Theodorou
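
The flaw class described above comes down to a stored first name being written into the users page without output encoding. The following is an added example, not NOSH source code and not part of the original advisory; the function names, record layout and sample records are hypothetical and constructed for illustration. It shows the unencoded rendering beside an encoded one, plus an input allowlist and a regression check.

```javascript
// Added illustration; not NOSH source code. All names here are hypothetical.

// HTML-encode the characters that can break out of text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored first name is concatenated into markup as-is.
function renderUserRowUnsafe(user) {
  return `<tr><td>${user.firstname}</td><td>${user.role}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderUserRowSafe(user) {
  return `<tr><td>${escapeHtml(user.firstname)}</td><td>${escapeHtml(user.role)}</td></tr>`;
}

// Defence in depth at input time: allowlist for name fields
// (letters, combining marks, space, period, apostrophe, hyphen; max 64 chars).
function isPlausibleName(name) {
  return typeof name === 'string' && /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,63}$/u.test(name);
}

// Regression check: does the rendered markup contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample records, as a create-user form might have stored them.
const users = [
  { firstname: "Anne-Marie O'Neil", role: 'physician' },
  { firstname: '<script>document.title="xss-marker"</script>', role: 'billing' },
];

// Summarise, per record, what validation and each renderer would do.
function audit() {
  return users.map((u) => ({
    accepted: isPlausibleName(u.firstname),
    unsafeHasScript: containsScriptTag(renderUserRowUnsafe(u)),
    safeHasScript: containsScriptTag(renderUserRowSafe(u)),
  }));
}

console.log(audit());
```

Output encoding is the control that closes the hole; the allowlist only reduces what reaches storage, and records created before a fix still need encoding when displayed.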