CVE-2017-5631

MEDIUM NUCLEI

KMC Information Systems Caseaware - XSS

Title source: rule
STIX 2.1

Description

An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.

Exploits (1)

exploitdb WORKING POC
by justpentest · textwebappsphp
https://www.exploit-db.com/exploits/42042

Nuclei Templates (1)

KMCIS CaseAware - Cross-Site Scripting
MEDIUMby edoardottt
FOFA: title="caseaware"

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.openbugbounty.org/incidents/228262/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42042/

Scores

CVSS v3 6.1
EPSS 0.2527
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
kmc_information_systems/caseaware
Published May 01, 2017
Tracked Since Feb 18, 2026