CVE-2026-10173

Published: Mag 31, 2026 Last Modified: Mag 31, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: 21f78ce5da668bf5233efcd1896ec7c6e3b22eae. Applying a patch is the recommended action to fix this issue.

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
94

Improper Control of Generation of Code ('Code Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality Availability Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Likelihood of Exploit: Medium
View CWE Details
https://github.com/orthanc-server/orthanc-explorer-2/issues…
https://github.com/orthanc-server/orthanc-explorer-2/issues/108
https://github.com/rafaelsouzars/orthanc-explorer-2/commit/…
https://github.com/rafaelsouzars/orthanc-explorer-2/commit/21f78ce5da668bf5233e…
https://vuldb.com/cve/CVE-2026-10173
https://vuldb.com/cve/CVE-2026-10173
https://vuldb.com/submit/819559
https://vuldb.com/submit/819559
https://vuldb.com/vuln/367430
https://vuldb.com/vuln/367430
https://vuldb.com/vuln/367430/cti
https://vuldb.com/vuln/367430/cti