Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info

Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information. During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively as CVE-2022-37461, in third-party software for Canon Medical’s Vitrea View. The Vitrea View tool allows viewing and securely share medical images through […]

Reflected XSS Canon Medical

Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information.

During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively as CVE-2022-37461, in third-party software for Canon Medical’s Vitrea View. The Vitrea View tool allows viewing and securely share medical images through the DICOM standard.

Reflected XSS Canon Medical

An attacker can trigger the flaws to access/modify patient information (i.e. stored images and scans) and obtain additional access to some services associated with Vitrea View.

“If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View.” reads the report published by Trustwave Spiderlabs.

The first issue is an unauthenticated Reflected XSS that resides in an error message at /vitrea-view/error/ which reflects all input after the /error/ subdirectory back to the user, with minor restrictions. The experts noticed that single and double quotes, and space characters can break the reflection. The use od backticks (`) and base64 encoding could allow avoiding these restrictions, however, and importing remote scripts.

The second issue is another Reflected XSS in the Vitrea View Administrative panel. An attacker can access the panel by tricking the victims into clicking on a specially crafted link. The experts discovered that search for ‘groupID’, ‘offset’, and ‘limit’ in the ‘Group and Users’ page of the administration panel all reflect their input back to the user when text is entered instead of the expected numerical inputs.

“Like the previous finding, the reflected input is slightly restricted, as it does not allow spaces. Once an authenticated admin is coerced into visiting the affected URL, it is possible to create and modify the Python, JavaScript and Groovy scripts used by the Vitrea View application.” continues the report.

The experts also published a proof of concept for both vulnerabilities.

Canon Medical addressed both vulnerabilities with the release of Vitrea View version 7.7.6.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Canon Medical)

[adrotate banner=”5″]

[adrotate banner=”13″]