Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection
Vulnerability Description
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
NovaRad NovaPACS Diagnostics Viewer 安全漏洞
Vulnerability Description
NovaRad NovaPACS Diagnostics Viewer是菲律宾NovaRad公司的一个医学影像诊断查看器。 NovaRad NovaPACS Diagnostics Viewer 8.5.19.75版本存在安全漏洞,该漏洞源于XML偏好设置导入存在XML外部实体注入,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A