| عنوان | CodeAstro HMS Hospital Management System 1.0 Stored XSS |
|---|
| الوصف | There are several stored xss vulnerabilities in different endpoints. The vulnerability arises from lack of input validation in the application. The web server imputs with POST request with input validation. When the attacker give an input with xss payload (like simple payload <script>alert(1)<script>) instead of normal input, the web application inserts this payload to the database directly after giving sql query. |
|---|
| المصدر | ⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md |
|---|
| المستخدم | egsec (UID 77043) |
|---|
| ارسال | 20/11/2024 02:47 PM (2 سنوات منذ) |
|---|
| الاعتدال | 25/11/2024 03:45 PM (5 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 286018 [CodeAstro Hospital Management System 1.0 his_doc_register_patient.php البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|