Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-16218— Philips Patient Monitoring Devices Cross-site Scripting

EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-16218

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Philips Patient Monitoring Devices Cross-site Scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Philips Patient Information Center iX 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Philips Patient Information Center iX是欧洲飞利浦(Philips)公司的飞利浦患者信息中心 (PIC iX) 是我们患者监测系统的核心,它有助于了解患者状况,帮助护理人员及早识别潜在的恶化,同时增强临床工作流程。 Philips Patient Information Center iX 中存在跨站脚本漏洞。该漏洞源于在电子表格软件打开文件时可能解释为命令的特殊元素。以下是受影响的产品及版本:B.02, C.02, C.03。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
PhilipsPatient Information Center iX (PICiX) B.02 -

II. Public POCs for CVE-2020-16218

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-16218

登录查看更多情报信息。

Same Patch Batch · Philips · 2020-09-11 · 8 CVEs total

CVE-2020-16212Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
CVE-2020-16214Philips Patient Monitoring Devices Improper Neutralization of Formula Elements in a CSV Fi
CVE-2020-16216Philips Patient Monitoring Devices Improper Input Validation
CVE-2020-16220Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input
CVE-2020-16222Philips Patient Monitoring Devices Improper Authentication
CVE-2020-16224Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency
CVE-2020-16228Philips Patient Monitoring Devices Improper Check for Certificate Revocation

IV. Related Vulnerabilities

Same product: Patient Information Center iX (PICiX)
Same vendor: Philips
Same weakness: CWE-79

V. Comments for CVE-2020-16218

No comments yet

Leave a comment