First published: Fri Sep 30 2022
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canon Medical Vitrea View | >=7.0 <7.7.6 | |
CVE-2022-37461 covers multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 that allow remote attackers to inject arbitrary web script or HTML.
The severity of CVE-2022-37461 is medium with a CVSS score of 6.1.
CVE-2022-37461 affects Canon Medical Vitrea View versions 7.x before 7.7.6.
Remote attackers can exploit CVE-2022-37461 by injecting arbitrary web script or HTML via the input after the /vitrea-view/error/ subdirectory, or via the groupID, offset, or limit parameter to an Administrative Panel (Group and Users) page.
Official resources and advisories regarding CVE-2022-37461 are available at the following links: [Trustwave security advisory](https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=30693), [Vital Images software security updates](https://www.vitalimages.com/customer-success-support-program/vital-images-software-security-updates/), [Vitrea View product page](https://www.vitalimages.com/vitrea-vision/vitrea-view/)