CVE-2022-37461 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory or the (2) groupID (3) offset or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.

Reference

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=30693 https://www.vitalimages.com/vitrea-vision/vitrea-view/