From Cybersecurity and Infrastructure Security Agency ↗
Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link.
The following versions of OHIF Viewers DICOM are affected:
OHIF DICOM Web Viewer Framework