Unrated severityNVD Advisory· Published Jan 23, 2024· Updated Jun 17, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer

CVE-2023-7238

Description

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.

Affected products

Orthanc Server/Osimis Dicom Web Viewerv5
Range: 1.4.2.0-9d9eff4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01mitregovernment-resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000