提交 #819559: orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting信息

标题orthanc orthanc-server/orthanc-explorer-2 < = 1.12.0 Cross Site Scripting
描述### Reflected XSS via remote-source URL Parameter **Component:** `WebApplication/src/components/StudyList.vue:644-650, 1039` **Affected :** orthanc-explorer-2 #### Description The `remote-source` URL query parameter is read from `this.$route.query` without sanitization and stored in `this.remoteSource`. It is then injected into a vue-i18n translation string and rendered via `v-html`: ```javascript // StudyList.vue:647-649 this.remoteSource = filters["remote-source"]; // unsanitized // StudyList.vue:1039 <p v-html="$t('remote_dicom_browsing', { source: remoteSource })"></p> ``` The i18n message template includes HTML: ``` "Browsing DICOM node <strong>{source}</strong>" ``` vue-i18n v9 does **not** HTML-encode named parameters by default. Since `escapeParameter`is not set in `i18n.js`, the raw value of `remote-source` is injected as HTML. An attacker crafts a URL with an XSS payload in `remote-source` and shares it with a victim. #### Attack URL No upload, no prior access, no authentication. One click triggers execution. #### Proof of Concept ``` http://ORTHANC_HOST/ui/app/#/filtered-studies?source-type=dicom&remote-source=<img src=x onerror=alert(document.domain)> ``` <img width="1471" height="667" alt="Image" src="https://github.com/user-attachments/assets/31bc3db9-d5d1-486e-8460-8c7becdcba77" /> ### Impact This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser within the context of the Orthanc Explorer application. Successful exploitation can lead to session hijacking, unauthorized actions on behalf of the user, exposure of sensitive medical data, or delivery of further client-side attacks. Because the exploit requires only a crafted URL and a single user interaction, it poses a significant risk in environments where links can be shared (e.g., email, chat, or internal systems). ---
来源⚠️ https://github.com/orthanc-server/orthanc-explorer-2/issues/108
用户
 dapickle (UID 97309)
提交2026-05-05 15時36分 (1 月前)
管理2026-05-30 13時08分 (25 days later)
状态已接受
VulDB条目367430 [Orthanc Explorer 2 直到 1.12.0 URL StudyList.vue remote-source 跨网站脚本]
积分20

上一步一览下一步

Do you know our Splunk app?

Download it now for free!