PT-2021-22266 · Unknown · Cliniccases

Published

2021-09-07

·

Updated

2021-09-11

·

CVE-2021-38705

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ClinicCases version 7.3.3
Description: The application does not verify that state-changing requests originate from its own pages, so it is vulnerable to Cross-Site Request Forgery (CSRF). If an authenticated user follows a crafted link or visits an attacker-controlled page, the browser submits the forged request together with the victim's session cookie, and the application carries out the requested action with the victim's privilege level. Against an administrator this can be used to create a second administrator account controlled by the attacker (the CVSS vector reflects this: no privileges required, but user interaction needed).
Recommendations: For ClinicCases version 7.3.3, as a temporary workaround, add request validation that distinguishes the application's own forms from cross-site submissions: reject state-changing requests whose Origin (or, failing that, Referer) header does not match the site's origin, and require a per-session synchronizer token in every state-changing form, compared in constant time on the server. Setting the session cookie with the SameSite attribute is a useful additional layer but should not be the only control. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
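The following is an added example, not code from ClinicCases or from the advisory. It shows a minimal "create user" handler in the vulnerable shape the description above covers (only the session cookie is consulted) beside a hardened form that applies the two controls named in the recommendations: a same-origin check on the Origin/Referer header and a per-session synchronizer token. The request, session and user-store dictionaries, the `clinic.example` deployment origin and the `csrf_token` field name are all constructed for this demonstration.

```python
"""Added example (not ClinicCases code): a CSRF-prone "create user" handler
next to a hardened one. Request, session and user-store shapes, the site
origin and the token field name are constructed for the demo."""
import hmac
import secrets
from urllib.parse import urlsplit

CSRF_FIELD = "csrf_token"
SITE_ORIGIN = "https://clinic.example"  # assumed deployment origin


def issue_csrf_token(session: dict) -> str:
    """Mint one unguessable token per login session; the application renders
    it into every state-changing form as a hidden field."""
    if not session.get(CSRF_FIELD):
        session[CSRF_FIELD] = secrets.token_urlsafe(32)
    return session[CSRF_FIELD]


def origin_allowed(headers: dict, site_origin: str = SITE_ORIGIN) -> bool:
    """Reject requests by source. Browsers send Origin on cross-site POSTs
    ("null" for sandboxed or data: pages); if it is absent, fall back to the
    Referer's origin; if both are missing, refuse, because a form post from
    our own page always carries at least one of them."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if not referer:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == site_origin


def token_valid(session: dict, form: dict) -> bool:
    """Synchronizer-token check, compared in constant time."""
    expected = session.get(CSRF_FIELD)
    supplied = form.get(CSRF_FIELD)
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def create_user_vulnerable(request: dict, session: dict, users: dict) -> bool:
    """The bug class behind the advisory: the logged-in admin's session is the
    only thing checked, so any page the admin visits can submit this form."""
    if not session.get("is_admin"):
        return False
    form = request["form"]
    users[form["username"]] = {"role": form["role"]}
    return True


def create_user_hardened(request: dict, session: dict, users: dict) -> bool:
    """Same action, gated on HTTP method, source origin and synchronizer token."""
    if request["method"] != "POST":
        return False
    if not session.get("is_admin"):
        return False
    if not origin_allowed(request["headers"]):
        return False
    if not token_valid(session, request["form"]):
        return False
    form = request["form"]
    users[form["username"]] = {"role": form["role"]}
    return True


def demo() -> dict:
    """Run a forged and a genuine request through both handlers."""
    session = {"is_admin": True}
    token = issue_csrf_token(session)
    # Constructed: what an auto-submitting form on attacker.example produces in
    # the victim admin's browser. The session cookie rides along; the token cannot.
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "form": {"username": "backdoor", "role": "administrator"},
    }
    genuine = {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"username": "newclerk", "role": "staff", CSRF_FIELD: token},
    }
    results = {
        "vuln_forged": create_user_vulnerable(forged, session, {}),
        "hard_forged": create_user_hardened(forged, session, {}),
        "hard_genuine": create_user_hardened(genuine, session, {}),
    }
    # Even if the Origin header were somehow spoofed, the missing token still blocks it.
    spoofed = dict(forged, headers={"Origin": SITE_ORIGIN})
    results["hard_spoofed_origin"] = create_user_hardened(spoofed, session, {})
    return results


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately independent: the origin check stops the common case cheaply and needs no template changes, while the token binds each submission to the victim's own session so that a request the attacker can only trigger, not read, can never be completed. Note that the hardened handler also refuses non-POST requests, since a state change reachable by GET is exploitable with nothing more than an image tag or a link.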

Exploit

CSRF


Weakness Enumeration

Related Identifiers

CVE-2021-38705

Affected Products

Cliniccases