제출 #819559: orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting정보

제목	orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting
설명	### Reflected XSS via remote-source URL Parameter Component: `WebApplication/src/components/StudyList.vue:644-650, 1039` Affected : orthanc-explorer-2 #### Description The `remote-source` URL query parameter is read from `this.$route.query` without sanitization and stored in `this.remoteSource`. It is then injected into a vue-i18n translation string and rendered via `v-html`: ```javascript // StudyList.vue:647-649 this.remoteSource = filters["remote-source"]; // unsanitized // StudyList.vue:1039 <p v-html="$t('remote_dicom_browsing', { source: remoteSource })"></p> ``` The i18n message template includes HTML: ``` "Browsing DICOM node <strong>{source}</strong>" ``` vue-i18n v9 does not HTML-encode named parameters by default. Since `escapeParameter`is not set in `i18n.js`, the raw value of `remote-source` is injected as HTML. An attacker crafts a URL with an XSS payload in `remote-source` and shares it with a victim. #### Attack URL No upload, no prior access, no authentication. One click triggers execution. #### Proof of Concept ``` http://ORTHANC_HOST/ui/app/#/filtered-studies?source-type=dicom&remote-source=<img src=x onerror=alert(document.domain)> ``` <img width="1471" height="667" alt="Image" src="https://github.com/user-attachments/assets/31bc3db9-d5d1-486e-8460-8c7becdcba77" /> ### Impact This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser within the context of the Orthanc Explorer application. Successful exploitation can lead to session hijacking, unauthorized actions on behalf of the user, exposure of sensitive medical data, or delivery of further client-side attacks. Because the exploit requires only a crafted URL and a single user interaction, it poses a significant risk in environments where links can be shared (e.g., email, chat, or internal systems). ---
원천	⚠️ https://github.com/orthanc-server/orthanc-explorer-2/issues/108
사용자	dapickle (UID 97309)
제출	2026. 05. 05. PM 03:36 (1 월 ago)
모더레이션	2026. 05. 30. PM 01:08 (25 days later)
상태	수락
VulDB 항목	367430 [Orthanc Explorer 2 까지 1.12.0 URL StudyList.vue remote-source 크로스 사이트 스크립팅]
포인트들	20

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!