CVE-2021-38705
- EPSS 1.05%
- Published 07.09.2021 20:15:08
- Last modified 21.11.2024 06:17:56
ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user....
CVE-2021-38706
- EPSS 0.45%
- Published 07.09.2021 20:15:08
- Last modified 21.11.2024 06:17:56
messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
CVE-2021-38707
- EPSS 0.21%
- Published 07.09.2021 20:15:08
- Last modified 21.11.2024 06:17:57
Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content...
CVE-2021-38704
- EPSS 9.96%
- Published 07.09.2021 20:15:07
- Last modified 21.11.2024 06:17:56
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.