| Title | Patient Queue Management System 1.0 Stored XSS |
|---|
| Description | - I found a (stored XSS and HTML injection) vulnerability in the PHP product Patient Queue Management System.
- The vulnerability exists in the following input fields: (First Name, Last Name).
- Project link: https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html
- PoC stored XSS: https://drive.google.com/file/d/1n44YqMSMd6Lk68FspWKcFnsZNFfB0jMj/view?usp=drive_link
- PoC HTML injection: https://drive.google.com/file/d/14kyyKJj-wtdHdTJ0hXbY5re-3MLVk2s5/view?usp=drive_link
- Steps to reproduce:
- The stored XSS payload is stored in the database:
1 - Go to the patient registration form.
2 - In the First Name or Last Name field, insert the following payload :
<script>alert(document.domain)</script> Or <img src=x onerror=alert(document.cookie)>
- HTML injection:
<h1> html injected </h1> Or <h1 style="color: red;"> html injected </h1> Or <h1>
|
|---|
| User | 0day_dz (UID 91923) |
|---|
| Submission | 11/02/2026 15h09 (4 months ago) |
|---|
| Moderation | 23/02/2026 14h48 (12 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 344856 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Patient Registration /registration.php First Name Cross Site Scripting] |
|---|
| Points | 0 |
|---|