Submit #819559: orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scriptinginfo

Titel	orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting
Beschreibung	### Reflected XSS via remote-source URL Parameter Component: `WebApplication/src/components/StudyList.vue:644-650, 1039` Affected : orthanc-explorer-2 #### Description The `remote-source` URL query parameter is read from `this.$route.query` without sanitization and stored in `this.remoteSource`. It is then injected into a vue-i18n translation string and rendered via `v-html`: ```javascript // StudyList.vue:647-649 this.remoteSource = filters["remote-source"]; // unsanitized // StudyList.vue:1039 <p v-html="$t('remote_dicom_browsing', { source: remoteSource })"></p> ``` The i18n message template includes HTML: ``` "Browsing DICOM node <strong>{source}</strong>" ``` vue-i18n v9 does not HTML-encode named parameters by default. Since `escapeParameter`is not set in `i18n.js`, the raw value of `remote-source` is injected as HTML. An attacker crafts a URL with an XSS payload in `remote-source` and shares it with a victim. #### Attack URL No upload, no prior access, no authentication. One click triggers execution. #### Proof of Concept ``` http://ORTHANC_HOST/ui/app/#/filtered-studies?source-type=dicom&remote-source=<img src=x onerror=alert(document.domain)> ``` <img width="1471" height="667" alt="Image" src="https://github.com/user-attachments/assets/31bc3db9-d5d1-486e-8460-8c7becdcba77" /> ### Impact This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser within the context of the Orthanc Explorer application. Successful exploitation can lead to session hijacking, unauthorized actions on behalf of the user, exposure of sensitive medical data, or delivery of further client-side attacks. Because the exploit requires only a crafted URL and a single user interaction, it poses a significant risk in environments where links can be shared (e.g., email, chat, or internal systems). ---
Quelle	⚠️ https://github.com/orthanc-server/orthanc-explorer-2/issues/108
Benutzer	dapickle (UID 97309)
Einreichung	05.05.2026 15:36 (vor 30 Tagen)
Moderieren	30.05.2026 13:08 (25 days later)
Status	Akzeptiert
VulDB Eintrag	367430 [Orthanc Explorer 2 bis 1.12.0 URL StudyList.vue remote-source Cross Site Scripting]
Punkte	20

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!