ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay@3.5.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H: Cross-site Scripting (XSS)

ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay is a Java API for HL7 FHIR Clients and Servers.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a specially crafted URL.

How to fix Cross-site Scripting (XSS)?

Upgrade ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay to version 5.1.0 or higher.

Vulnerable versions: (,5.1.0)

  • H: Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. This module is intended for testing and not believed to be widely used for any production purposes. Nonetheless, we recommend all users of the affected module upgrade immediately.

How to fix Cross-site Scripting (XSS)?

Upgrade ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay to version 5.1.0 or higher.

Vulnerable versions: [0,5.1.0)

  • M: Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the testpage overlay module. The attack involves non-sanitised HTTP parameters being output in a form page, allowing malicious users to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. Note that this module is not generally used in production systems so the attack surface is expected to be low.

How to fix Cross-site Scripting (XSS)?

Upgrade ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay to version 3.8.0 or higher.

Vulnerable versions: (,3.8.0)