| Título | CodeAstro HMS Hospital Management System 1.0 Stored XSS |
|---|
| Descrição | There are several stored xss vulnerabilities in different endpoints. The vulnerability arises from lack of input validation in the application. The web server imputs with POST request with input validation. When the attacker give an input with xss payload (like simple payload <script>alert(1)<script>) instead of normal input, the web application inserts this payload to the database directly after giving sql query. |
|---|
| Fonte | ⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md |
|---|
| Utilizador | egsec (UID 77043) |
|---|
| Submissão | 20/11/2024 14h47 (há 2 anos) |
|---|
| Moderação | 25/11/2024 15h45 (5 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 286018 [CodeAstro Hospital Management System 1.0 his_doc_register_patient.php Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|