GHSA-fr6h-hjqh-g695MediumCVSS 6.1

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image...

Published
June 10, 2026
Last Modified
June 10, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScript payloads in metadata fields such as Study Description, which are reflected without sanitization in popup.jsp and archiving/uploadfiles_jsp.java when processed through the Upload DICOM images feature.

🔗 References (5)