CVE-2017-5631
KMCIS CaseAware is affected by a reflected cross-site scripting (XSS) vulnerability in the login.php endpoint. The issue stems from insufficient sanitization of the user parameter (usr) in the login.php query string, enabling injection of malicious scripts into pages viewed by users. Impact per s...