ByteOS Network

Orthanc

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-0896

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-9.2||CRITICAL

EPSS-0.12% / 31.39%

7 Day CHG~0.00%

Published-13 Feb, 2025 | 01:02

Updated-30 Jul, 2025 | 18:11

Orthanc Server Missing Authentication for Critical Function

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.

Vendor-orthanc-server Orthanc

Product-orthanc Orthanc server

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2023-7238

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-7.1||HIGH

EPSS-0.20% / 42.13%

7 Day CHG~0.00%

Published-23 Jan, 2024 | 19:20

Updated-17 Jun, 2025 | 21:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer

A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim's browser.

Vendor-orthanc-server Orthanc

Product-osimis_web_viewer Osimis DICOM Web Viewer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')