You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this issue, when using the hapi-fhir-testpage-overlay (the testing UI most known for its display on http://hapi.fhir.org ) several URL parameters are not sanitized. This could lead to information disclosure (such as cookies) via a specially crafted URL.
The text was updated successfully, but these errors were encountered:
This is a public tracking ticket to document the fix for an XSS exploit reported by Mudit Punia and Dushyant Garg.
The issue has been corrected in HAPI FHIR 3.8.0 via the following commit: 8f41159#diff-a64fc451d8988d1d97d8488edca3b15d
In this issue, when using the hapi-fhir-testpage-overlay (the testing UI most known for its display on http://hapi.fhir.org ) several URL parameters are not sanitized. This could lead to information disclosure (such as cookies) via a specially crafted URL.
The text was updated successfully, but these errors were encountered: