| Title | Stored XSS in Medical Certificate Generator App 1.0 |
|---|
| Description | # Software link: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
Description:
------------
A Stored vulnerability was found in Source Codester Medical Certificate Generator App 1.0. The manipulation of the argument Reason with the input "><script>prompt(1)</script> in the "Lastname" field in the form leads to cross site scripting. The attack may be launched remotely.
Steps to Reproduce:
------------------
1. Click on NewRecord.
2. In place of lastname, place the payload "><script>prompt(1)</script>
3. Fill in the other required fields.
4. Click on "SAVE RECORD".
5. Click on the tab Med Cert. Records; the XSS payload gets triggered with a dialogue box.
|
|---|
| User | Anonymous User |
|---|
| Submission | 21.02.2023 18:53 (3 years ago) |
|---|
| Moderation | 24.02.2023 09:21 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 221739 [SourceCodester Medical Certificate Generator App 1.0 New Record Cross Site Scripting] |
|---|
| Points | 17 |
|---|
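
The behaviour reported above, shown as an added example from the remediation side (not part of the submission and not the application's own code): a stored "Lastname" value rendered into a records listing without and with output encoding. The function names, the record layout and the table markup are hypothetical; only the field name and the test string come from the report.

```php
<?php
// Added illustration; not SourceCodester's code. Function names, the record
// array and the markup are assumptions made for this example.

// Constructed sample row: the "Lastname" value from the report as it would
// come back from the database when the records tab is rendered.
$record = [
    'id'        => 1,
    'lastname'  => '"><script>prompt(1)</script>',
    'firstname' => 'Jane',
];

// Unsafe pattern: the stored value is concatenated into HTML unchanged, both
// as element text and inside a double-quoted attribute value.
function render_row_unsafe(array $r): string
{
    return '<tr><td>' . $r['lastname'] . '</td>'
         . '<td><input name="lastname" value="' . $r['lastname'] . '"></td></tr>';
}

// Output encoding for HTML text and quoted attribute contexts.
// ENT_QUOTES encodes both quote characters, so the leading double quote in
// the stored value cannot close the attribute; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored value is encoded at the point of output.
function render_row_safe(array $r): string
{
    return '<tr><td>' . h($r['lastname']) . '</td>'
         . '<td><input name="lastname" value="' . h($r['lastname']) . '"></td></tr>';
}

$unsafe = render_row_unsafe($record);
$safe   = render_row_safe($record);

// Check: the unsafe row contains a live script element, the safe row does not.
var_dump(stripos($unsafe, '<script>') !== false);
var_dump(stripos($safe, '<script>') === false);
echo $safe, PHP_EOL;
```

Encoding at output covers values already stored in the database, which input filtering added after the fact would not.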