CVE-2023-23637 Information

Description

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.

Reference

https://github.com/lambda-science/IMPatienT/issues/101
https://github.com/lambda-science/IMPatienT/compare/v1.5.1…v1.5.2
https://github.com/lambda-science/IMPatienT/releases/tag/v1.5.2
