CVE-2021-38704

MEDIUM NUCLEI

ClinicCases 7.3.3 - XSS

Title source: llm

Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.

Nuclei Templates (1)

ClinicCases 7.3.3 Cross-Site Scripting

MEDIUMby alph4byt3

Shodan: http.title:"ClinicCases",html:"/cliniccases/" || http.title:"cliniccases",html:"/cliniccases/"

FOFA: title="cliniccases",html:"/cliniccases/"

References (2)

[Release Notes, Third Party Advisory] https://github.com/judsonmitchell/ClinicCases/releases

[Exploit, Third Party Advisory] https://github.com/sudonoodle/CVE-2021-38704

Scores

CVSS v3 6.1

EPSS 0.0499

EPSS Percentile 89.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

cliniccases/cliniccases 7.3.3

Published Sep 07, 2021

Tracked Since Feb 18, 2026