| 제목 | CodeAstro HMS Hospital Management System 1.0 Stored XSS |
|---|
| 설명 | There are several stored xss vulnerabilities in different endpoints. The vulnerability arises from lack of input validation in the application. The web server imputs with POST request with input validation. When the attacker give an input with xss payload (like simple payload <script>alert(1)<script>) instead of normal input, the web application inserts this payload to the database directly after giving sql query. |
|---|
| 원천 | ⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md |
|---|
| 사용자 | egsec (UID 77043) |
|---|
| 제출 | 2024. 11. 20. PM 02:47 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 11. 25. PM 03:45 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 286018 [CodeAstro Hospital Management System 1.0 his_doc_register_patient.php 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|