CVE-2014-3861

NONE EPSS 70.9%
Published Sep 2, 2014 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

Threat Intelligence

EPSS Exploit Probability
70.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor  Product  Version  Range
hl7     c-cda    *        ≤1.1

References 3

  • gforge.hl7.org http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088
    Patch
  • motorcycleguy.blogspot.com http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html
    Patch
  • smartplatforms.org http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/
    Exploit

Remediation

  • gforge.hl7.org http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088
    Patch
  • motorcycleguy.blogspot.com http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html
    Patch