Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-38704 PoC — ClinicCases 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-38704.yaml
Associated Vulnerability
Title:ClinicCases 跨站脚本漏洞 (CVE-2021-38704)
Description:ClinicCases是一个开源案例管理系统,专为法学院诊所设计。 ClinicCases 7.3.3版本存在跨站脚本漏洞,该漏洞源于软件对于用户提交的参数缺少有效的验证和过滤。漏洞允许未经身份验证的攻击者可利用该漏洞通过制作恶意URL引入任意JavaScript。攻击者可以通过会话令牌窃取来接管帐户。
Description
ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.
File Snapshot

 id: CVE-2021-38704

info:
  name: ClinicCases 7.3.3 Cross-Site Scripting
  author: alph4byt3
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.