Unrated severityNVD Advisory· Published Jan 23, 2024· Updated Jun 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer
CVE-2023-7238
Description
A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.4.2.0-9d9eff4
Patches
Vulnerability mechanics
References
1- www.cisa.gov/news-events/ics-medical-advisories/icsma-24-023-01mitregovernment-resource
News mentions
0No linked articles in our index yet.