← Zuruck zu CVEs

CVE-2021-38707

MEDIUM

5.4

Beschreibung

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.

CVE Details

CVSS v3.1 Bewertung5.4

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht9/7/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

cliniccases:cliniccases

Schwachen (CWE)

CWE-79

Referenzen

https://github.com/judsonmitchell/ClinicCases/releases(cve@mitre.org)

https://github.com/sudonoodle/CVE-2021-38707(cve@mitre.org)

https://github.com/judsonmitchell/ClinicCases/releases(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/sudonoodle/CVE-2021-38707(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.