CVE-2014-3862

HL7 C-CDA < 1.1 - Information Disclosure via CDA.xsl IMG Element

Title source: llm
STIX 2.1

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Scores

EPSS 0.0131
EPSS Percentile 67.2%

Details

CWE
CWE-200
Status published
Products (1)
hl7/c-cda < 1.1
Published Sep 02, 2014
Tracked Since Feb 18, 2026