exploitDog

CVE-2021-38707

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.

Ссылки

https://github.com/judsonmitchell/ClinicCases/releases
Release Notes
Third Party Advisory
https://github.com/sudonoodle/CVE-2021-38707
Exploit
Third Party Advisory
https://github.com/judsonmitchell/ClinicCases/releases
Release Notes
Third Party Advisory
https://github.com/sudonoodle/CVE-2021-38707
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cliniccases:cliniccases:7.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jp5m-9hr9-82w2

github

больше 3 лет назад

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79