CVE-2014-5452

NONE EPSS 78.9%
Published Sep 2, 2014 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations.

Threat Intelligence

EPSS Exploit Probability
78.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor   Product   Version   Range
hl7      c-cda     *         ≤1.1

References 6

Remediation

  • gforge.hl7.org http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088
    Patch
  • motorcycleguy.blogspot.com http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html
    Patch