CVE-2017-5631

MEDIUM NUCLEI

KMC Information Systems Caseaware - XSS

Title source: rule

Description

An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.

Exploits (1)

exploitdb WORKING POC

by justpentest · textwebappsphp

https://www.exploit-db.com/exploits/42042

View Code ZIP pw:eip

Nuclei Templates (1)

KMCIS CaseAware - Cross-Site Scripting

MEDIUMby edoardottt

FOFA: title="caseaware"

References (2)

[Exploit, Third Party Advisory] https://www.openbugbounty.org/incidents/228262/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42042/

Scores

CVSS v3 6.1

EPSS 0.2527

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

kmc_information_systems/caseaware

n/a/n/a

Timeline

Published May 01, 2017

Tracked Since Feb 18, 2026