QwikSec

Security Database

CVE

CWE

Training

CVE-2023-33255

Published: May 26, 2023

Modified: Jan 15, 2025

PUBLISHED

Description

An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://schutzwerk.com

https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt

20230530 SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer

mailing-list

http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html

https://www.schutzwerk.com/blog/schutzwerk-sa-2022-001/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.