CVE-2023-33255
CVE-2023-33255 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application.
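The root cause described above is untrusted header text reaching the page as live markup. The following is an added example, not Papaya's code, contrasting that unsafe rendering pattern with an entity-encoded one; the field names and the sample values (including the script tag) are constructed for illustration, and in a real browser viewer assigning values through textContent achieves the same effect as the escaping shown here.

```javascript
// Minimal HTML entity encoder for text nodes and double-quoted attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Unsafe pattern: parsed header strings are concatenated straight into markup,
// so a crafted DICOM PatientName or NIfTI 'descrip' field becomes live HTML.
function renderMetadataUnsafe(metadata) {
  return Object.entries(metadata)
    .map(([tag, value]) => `<tr><td>${tag}</td><td>${value}</td></tr>`)
    .join("");
}

// Hardened pattern: every untrusted tag name and value is entity-encoded, so
// markup carried in the image file is displayed literally, never interpreted.
function renderMetadataSafe(metadata) {
  return Object.entries(metadata)
    .map(([tag, value]) =>
      `<tr><td>${escapeHtml(tag)}</td><td>${escapeHtml(value)}</td></tr>`)
    .join("");
}

// Constructed sample resembling parsed header fields (hypothetical values);
// PatientName carries the kind of injected markup the advisory describes.
const SAMPLE_METADATA = {
  PatientName: "DOE^JANE<script>alert(1)</script>",
  Modality: "MR",
  descrip: 'FSL5.0 "quoted" & <b>bold</b>',
};

// Simple check used to compare the two renderers: does raw markup survive?
function containsMarkup(html) {
  return /<script|<b>/i.test(html);
}
```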
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Uthscsa | Papaya Viewer | 1.0 |
References
- http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2023/May/21 (Exploit, Mailing List, Third Party Advisory)
- https://schutzwerk.com (Not Applicable)
- https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt (Third Party Advisory)
Source: NVD / NIST
