cve/CVE-2023-33255.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application.

POC

Reference

http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html

Github

No PoCs found on GitHub currently.

854 B Raw Blame History

CVE-2023-33255

Description

POC

Reference

Github

854 B

Raw Blame History