| Title | SourceCodester Clinics Patient Management System 2.0 Cross Site Scripting |
|---|
| Description | Reflected XSS vulnerability was discovered in Sourcecodester's Clinic's Patient Management System - PHP 2.0 via message paramter
Affected Project: https://www.sourcecodester.com/php/17556/contact-manager-export-vcf-using-php-and-mysql-source-code.html
Official Website: Sourcecodester Clinic's Patient Management System
Version: 2.0
Releted Code: /users.php Line Number: 256-259
parameter: /users.php?message=hello
POC:
1. Download and setup the Clinic's Patient Management System - PHP 2.0
2.Login to the account and go to the "/users.php?message=hello
3. Now replace the message parameter value with xss payload
"><img src=x onerror=alert()>
4. Observer Reflected XSS
Direct link click after login: (for more details check advisory link)
5. http://192.168.95.115/users.php?message="><img src=x onerror=alert()>
|
|---|
| Source | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Reflected-XSS.md |
|---|
| User | guru (UID 74056) |
|---|
| Submission | 09/04/2024 12:07 (2 years ago) |
|---|
| Moderation | 09/06/2024 23:22 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 276773 [SourceCodester Clinics Patient Management System 2.0 /users.php Message cross site scripting] |
|---|
| Points | 20 |
|---|