CVE-2022-37461

Summary

| CVE | CVE-2022-37461 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-30 14:15:00 UTC |
| Updated | 2022-10-04 16:29:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. |

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Canon | Medical Vitrea View | All | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| Canon Medical Software Security Updates | CONFIRM | www.vitalimages.com | |
| Vitrea® View - Canon Medical | MISC | www.vitalimages.com | |
| www.trustwave.com/en-us/resources/security-resources/security-advisories | MISC | www.trustwave.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |