OsiriX Web Portal 8.0.1 DOM Based XSS

Title: OsiriX Web Portal 8.0.1 DOM Based XSS
Advisory ID: ZSL-2016-5381
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 16.12.2016
Summary
With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your workflow environment and an open platform for development of processing tools. It offers advanced post-processing techniques in 2D and 3D, exclusive innovative technique for 3D and 4D navigation and a complete integration with any PACS. OsiriX MD supports 64-bit computing and multithreading for the best performances on the most modern processors. OsiriX MD is certified for medical use, FDA cleared and CE II labeled.
Description
OsiriX suffers from a DOM-based XSS vulnerability because it doesn't use proper sanitization when user input goes to a dangerous HTML modification sink ((element).innerHTML). This can be exploited to execute arbitrary HTML and script code in a user's browser DOM in context of an affected site.
Vendor
Pixmeo Sarl - http://www.osirix-viewer.com
Affected Version
OsiriX 8.0.1
Tested On
macOS 12.10.2 (Sierra)
Vendor Status
N/A
PoC
osirix_domxss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5385.php
Changelog
[16.12.2016] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk