← Back

Hl7

hl7

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
C Cda
c-cda
3 CVEs
Fhir Ig Publisher
fhir_ig_publisher
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-24057
2Hapifhir
Hl7
2Fhir Ig Publisher
Hl7 Fhir Core
Apr 1, 2025
Jan 26, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM packa...Show more
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).Show less
CVE-2014-5452
1Hl7
1C Cda
May 6, 2026
Sep 2, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that...Show more
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations.Show less
CVE-2014-3862
1Hl7
1C Cda
May 6, 2026
Sep 2, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, lea...Show more
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.Show less
CVE-2014-3861
1Hl7
1C Cda
May 6, 2026
Sep 2, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.