Potential XSS exploit in hapi-fhir-testpage-overlay #1335
This is a public tracking ticket to document the fix for an XSS exploit reported by Mudit Punia and Dushyant Garg.
The issue has been corrected in HAPI FHIR 3.8.0 via the following commit: 8f41159#diff-a64fc451d8988d1d97d8488edca3b15d
In this issue, when using the hapi-fhir-testpage-overlay (the testing UI most known for its display on http://hapi.fhir.org), several URL parameters are not sanitized. This could lead to information disclosure (such as cookies) via a specially crafted URL.
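As an added illustration of the bug class described above (not code from hapi-fhir-testpage-overlay or the linked commit), the following shows a URL parameter copied into HTML unescaped next to the hardened form that HTML-encodes it first; the parameter name `serverBase` and the sample value are assumptions.

```java
import java.util.Objects;

/** Illustrative only: not code from hapi-fhir-testpage-overlay. */
public class ParamEscapeDemo {

    // Vulnerable pattern: a request parameter is written into the markup unchanged,
    // so a value containing quotes or tags breaks out of the attribute and becomes HTML.
    static String renderUnsafe(String serverBase) {
        return "<input name=\"serverBase\" value=\"" + serverBase + "\">";
    }

    // Hardened pattern: every untrusted value is HTML-escaped at the point it is emitted.
    static String renderSafe(String serverBase) {
        return "<input name=\"serverBase\" value=\"" + escapeHtml(serverBase) + "\">";
    }

    // Minimal escaper for HTML text and attribute values; covers the five characters
    // that can change markup structure. A production app would use a vetted library.
    static String escapeHtml(String s) {
        Objects.requireNonNull(s, "value");
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value (hypothetical): a harmless tag standing in for
        // any attacker-controlled query-string input.
        String untrusted = "\"><b>injected</b>";
        System.out.println("unsafe: " + renderUnsafe(untrusted));
        System.out.println("safe:   " + renderSafe(untrusted));
    }
}
```

With the hardened version the rendered attribute contains `&quot;&gt;&lt;b&gt;injected&lt;/b&gt;`, so the browser shows the literal text instead of parsing it as markup.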