ClinicCases is an open-source case management system designed for law school clinics. A cross-site scripting vulnerability exists in ClinicCases version 7.3.3. It stems from the software’s lack of effective validation and filtering of user-submitted parameters. The vulnerability allows an unauthenticated attacker to inject arbitrary JavaScript by crafting a malicious URL. An attacker can then take over an account through session token theft.