| Title | CodeAstro HMS Hospital Management System 1.0 Stored XSS |
|---|
| Description | There are several stored xss vulnerabilities in different endpoints. The vulnerability arises from lack of input validation in the application. The web server imputs with POST request with input validation. When the attacker give an input with xss payload (like simple payload <script>alert(1)<script>) instead of normal input, the web application inserts this payload to the database directly after giving sql query. |
|---|
| Source | ⚠️ https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md |
|---|
| User | egsec (UID 77043) |
|---|
| Submission | 11/20/2024 14:47 (2 years ago) |
|---|
| Moderation | 11/25/2024 15:45 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 286018 [CodeAstro Hospital Management System 1.0 his_doc_register_patient.php cross site scripting] |
|---|
| Points | 20 |
|---|