ClinicCases is an open source case management system designed for law school clinics. A cross-site scripting vulnerability exists in ClinicCases version 7.3.3, caused by the software's lack of effective validation and filtering of user-submitted parameters. The vulnerability allows a low-privilege attacker to introduce arbitrary JavaScript to set account parameters. The XSS payload will execute in the browser of any user viewing the content in question. An attacker could take over the account through session token theft.
CPE | Name | Operator | Version |
---|---|---|---|
cliniccases | cliniccases | eq | 7.3.3 |