Enviar #819559: orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scriptinginformación

Título	orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting
Descripción	### Reflected XSS via remote-source URL Parameter Component: `WebApplication/src/components/StudyList.vue:644-650, 1039` Affected : orthanc-explorer-2 #### Description The `remote-source` URL query parameter is read from `this.$route.query` without sanitization and stored in `this.remoteSource`. It is then injected into a vue-i18n translation string and rendered via `v-html`: ```javascript // StudyList.vue:647-649 this.remoteSource = filters["remote-source"]; // unsanitized // StudyList.vue:1039 <p v-html="$t('remote_dicom_browsing', { source: remoteSource })"></p> ``` The i18n message template includes HTML: ``` "Browsing DICOM node <strong>{source}</strong>" ``` vue-i18n v9 does not HTML-encode named parameters by default. Since `escapeParameter`is not set in `i18n.js`, the raw value of `remote-source` is injected as HTML. An attacker crafts a URL with an XSS payload in `remote-source` and shares it with a victim. #### Attack URL No upload, no prior access, no authentication. One click triggers execution. #### Proof of Concept ``` http://ORTHANC_HOST/ui/app/#/filtered-studies?source-type=dicom&remote-source=<img src=x onerror=alert(document.domain)> ``` <img width="1471" height="667" alt="Image" src="https://github.com/user-attachments/assets/31bc3db9-d5d1-486e-8460-8c7becdcba77" /> ### Impact This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser within the context of the Orthanc Explorer application. Successful exploitation can lead to session hijacking, unauthorized actions on behalf of the user, exposure of sensitive medical data, or delivery of further client-side attacks. Because the exploit requires only a crafted URL and a single user interaction, it poses a significant risk in environments where links can be shared (e.g., email, chat, or internal systems). ---
Fuente	⚠️ https://github.com/orthanc-server/orthanc-explorer-2/issues/108
Usuario	dapickle (UID 97309)
Sumisión	2026-05-05 15:36 (hace 1 mes)
Moderación	2026-05-30 13:08 (25 days later)
Estado	Aceptado
Entrada de VulDB	367430 [Orthanc Explorer 2 hasta 1.12.0 URL StudyList.vue remote-source secuencias de comandos en sitios cruzados]
Puntos	20

◂ Anterior Visión De Conjunto Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!