CVE-2023-23637
Published
CVSS v3: 7.6 (HIGH)
CVSS v2: N/A
Affected: 1 project
Description
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.
IMPatienT🗂️: an integrated web application to digitize, process and explore multimodal patient data. Demo version deployed at: https://huggingface.co/spaces/corentinm7/IMPatienT