Submission #819559: orthanc orthanc-server/orthanc-explorer-2 <= 1.12.0 Cross Site Scripting

Information

Title: orthanc orthanc-server/orthanc-explorer-2 <= 1.12.0 Cross Site Scripting
Description:

### Reflected XSS via remote-source URL Parameter

**Component:** `WebApplication/src/components/StudyList.vue:644-650, 1039`
**Affected:** orthanc-explorer-2

#### Description

The `remote-source` URL query parameter is read from `this.$route.query` without sanitization and stored in `this.remoteSource`. It is then injected into a vue-i18n translation string and rendered via `v-html`:

```javascript
// StudyList.vue:647-649
this.remoteSource = filters["remote-source"]; // unsanitized
```

```html
<!-- StudyList.vue:1039 -->
<p v-html="$t('remote_dicom_browsing', { source: remoteSource })"></p>
```

The i18n message template includes HTML:

```
"Browsing DICOM node <strong>{source}</strong>"
```

vue-i18n v9 does **not** HTML-encode named parameters by default. Since `escapeParameter` is not set in `i18n.js`, the raw value of `remote-source` is injected as HTML. An attacker crafts a URL with an XSS payload in `remote-source` and shares it with a victim.

#### Attack URL

No upload, no prior access, no authentication. One click triggers execution.

#### Proof of Concept

```
http://ORTHANC_HOST/ui/app/#/filtered-studies?source-type=dicom&remote-source=<img src=x onerror=alert(document.domain)>
```

![Screenshot from the original issue](https://github.com/user-attachments/assets/31bc3db9-d5d1-486e-8460-8c7becdcba77)

### Impact

This vulnerability allows an attacker to execute arbitrary JavaScript in the victim's browser within the context of the Orthanc Explorer application. Successful exploitation can lead to session hijacking, unauthorized actions on behalf of the user, exposure of sensitive medical data, or delivery of further client-side attacks. Because the exploit requires only a crafted URL and a single user interaction, it poses a significant risk in environments where links can be shared (e.g., email, chat, or internal systems).
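As an added example (not code from the orthanc-explorer-2 project or from the report above), the following JavaScript models how a named parameter flows into the HTML-bearing `remote_dicom_browsing` message with and without escaping. The `interpolate` and `escapeHtml` functions are simplified stand-ins for vue-i18n's behaviour, and the `CONSTRUCTED_SOURCE` value is a constructed, inert tag rather than the report's payload.

```javascript
// Simplified model of vue-i18n v9 named-parameter interpolation (not vue-i18n code).
// The template is the message quoted in the report: it carries its own <strong>
// markup, which is why the component renders the result with v-html.
const REMOTE_DICOM_BROWSING = "Browsing DICOM node <strong>{source}</strong>";

// Entity-encode the characters that can open or close markup or attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Substitute {name} placeholders. The escapeParameter flag mirrors the vue-i18n
// option of the same name: when false (the default, and the state of i18n.js per
// the report) the parameter value is inserted verbatim.
function interpolate(template, params, { escapeParameter = false } = {}) {
  return template.replace(/\{(\w+)\}/g, (match, name) => {
    if (!(name in params)) return match; // unknown placeholder: leave untouched
    return escapeParameter ? escapeHtml(params[name]) : String(params[name]);
  });
}

// Constructed stand-in for an attacker-controlled remote-source query value.
// Any tag shows the difference; no executable payload is needed.
const CONSTRUCTED_SOURCE = '<img src="x" alt="constructed">';

// Vulnerable path: escapeParameter unset, so the tag reaches the v-html sink.
function renderUnsafe(source) {
  return interpolate(REMOTE_DICOM_BROWSING, { source });
}

// Hardened path: the parameter is encoded before substitution, so only the
// template's own <strong> element is treated as markup.
function renderSafe(source) {
  return interpolate(REMOTE_DICOM_BROWSING, { source }, { escapeParameter: true });
}

// Check for rendered output: true if any tag other than the template's own
// <strong>/</strong> is present, i.e. the parameter contributed markup.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !/^<\/?strong>$/.test(tag));
}
```

In the real application the corresponding fix is to set `escapeParameter` in the `createI18n` options in `i18n.js`, or better, to stop rendering this message through `v-html` so the parameter is never interpreted as markup.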
Source: https://github.com/orthanc-server/orthanc-explorer-2/issues/108
User: dapickle (UID 97309)
Submission: 05/05/2026 03:36 PM (30 days ago)
Moderation: 30/05/2026 01:08 PM (25 days later)
Status: Accepted
VulDB Entry: 367430 [Orthanc Explorer 2 up to 1.12.0 URL StudyList.vue remote-source cross site scripting]
Points: 20
