CVE-2017-5631
Published 2017-05-01
Priority P338 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 4.49% (90.3th percentile)
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
CVSS provenance
nvd · v3.0 · 6.1 · MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
No detection rules found.
Exploit-DB
KMCIS CaseAware - Cross-Site Scripting
exploitdb·2017-05-20·CVSS 6.1
CVE-2017-5631 [MEDIUM] KMCIS CaseAware - Cross-Site Scripting
---
# Exploit Title: CaseAware Cross Site Scripting Vulnerability
# Date: 20th May 2017
# Exploit Author: justpentest
# Vendor Homepage: https://caseaware.com/
# Version: All the versions
# Contact: [email protected]
# CVE : 2017-5631
Source: https://nvd.nist.gov/vuln/detail/CVE-2017-5631#vulnDescriptionTitle
1) Description:
An issue with respect to input sanitization was discovered in KMCIS
CaseAware. Reflected cross site scripting is present in the user parameter
(i.e., "usr") that is transmitted in the login.php query string. So
basically username parameter is vulnerable to XSS.
2) Exploit:
https://caseaware.abc.com:4322/login.php?mid=0&usr=admin'>Click_ME<'
3) References:
https://www.openbugbounty.org/incidents/228262/
https://nvd
Nuclei
KMCIS CaseAware - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2017-5631 [MEDIUM] KMCIS CaseAware - Cross-Site Scripting
KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.
Template:
id: CVE-2017-5631
info:
  name: KMCIS CaseAware - Cross-Site Scripting
  author: edoardottt
  severity: medium
  description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the v
No writeups or analysis indexed.
Published: 2017-05-01