CVE-2014-3861

HL7 C-cda < 1.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

References (3)

[Patch] http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088

[Patch] http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html

[Exploit] http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/

Scores

EPSS 0.0025

EPSS Percentile 48.6%

Details

CWE

CWE-79

Status published

Products (2)

hl7/c-cda < 1.1

n/a/n/a

Published Sep 02, 2014

Tracked Since Feb 18, 2026