CVE-2021-38707

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
cliniccasescliniccases
7.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/judsonmitchell/ClinicCases/releases
https://github.com/sudonoodle/CVE-2021-38707
https://github.com/judsonmitchell/ClinicCases/releases
https://github.com/sudonoodle/CVE-2021-38707