← Back

Nosh Chartingsystem Project

nosh_chartingsystem_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Nosh Chartingsystem
nosh_chartingsystem
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-24610
1Nosh Chartingsystem Project
1Nosh Chartingsystem
Mar 27, 2025
Feb 1, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information...Show more
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.Show less
CVE-2023-24065
1Nosh Chartingsystem Project
1Nosh Chartingsystem
Mar 28, 2025
Jan 29, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may a...Show more
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.Show less