Filtered by vendor Nosh Chartingsystem Project
Subscriptions
Filtered by product Nosh Chartingsystem
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24610 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2024-08-02 | 8.8 High |
| NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. | ||||
| CVE-2023-24065 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2024-08-02 | 5.4 Medium |
| NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | ||||
Page 1 of 1.