CVE-2015-4591
MEDIUM
eClinicalWorks Population Health - Unauthenticated Stored Cross-Site Scripting via strMessage Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-4591. PoCs published by Jerold Hoong.
AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.
Description
eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp, which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter.
Exploits (1)
The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N