CVE-2021-38704

Name of the Vulnerable Software and Affected Versions ClinicCases version 7.3.3

Description The issue allows unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL, resulting in account takeover via session token theft. This is due to multiple reflected cross-site scripting (XSS) vulnerabilities.

Recommendations For ClinicCases version 7.3.3, update to a version that addresses the reflected cross-site scripting (XSS) vulnerabilities to prevent account takeover via session token theft. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.