Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26913: Evolucare Ecsimaging new_movie.php反射性xss

** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. php.

CVE
Open in Source
#xss#php

Evolucare Ecsimaging new_movie.php反射性xss****漏洞描述

EVOLUCARE ECSimage是一款国外使用的医疗管理系统,研究发现其new_movie.php接口中存在反射性xss,其源码中直接echo了输入的参数,攻击者可以通过此行为窃取系统用户中的cookie信息等。

漏洞影响

1

EVOLUCARE Evolucare Ecsimaging 版本< 6.21.5

漏洞详情

poc

1

/new_movie.php?studyUID=1&start=<script>alert(`xss`)</script>&end=2&file=1

演示截图

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE