CVE-2021-38707

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38707

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38707.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38707

Published

2021-09-07T20:15:08Z

Modified

2025-01-08T08:15:54.409042Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.

References

Affected packages

Git / github.com/judsonmitchell/cliniccases

Affected ranges

Type: GIT
Repo: https://github.com/judsonmitchell/cliniccases
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

45c4839c18e0b0a2ed4ef88c538ec679df523fdf

Affected versions

7.*

7.0.0

Beta1.*

Beta1.0

Other

RC1

RC1.*

RC1.4

v7.*

v7.0.1

v7.0.2

v7.1.0

v7.1.1

v7.1.2

v7.1.3

v7.1.6

v7.1.7

v7.16

v7.2

v7.2.1

v7.2.10

v7.2.2

v7.2.3

v7.2.4

v7.2.6

v7.2.7

v7.2.8

v7.2.9

v7.3.0

v7.3.1

v7.3.2

v7.3.3

v7beta2.*

v7beta2.0

v7beta3.*

v7beta3.0

v7beta4.*

v7beta4.0

v7beta5.*

v7beta5.0

v7beta5.2

v7beta5.3

v7beta5.5

v7beta6.*

v7beta6.4

v7beta6.4a

v7beta6.5

v7beta6.5a