| Field | Value |
|---|---|
| Title | SourceCodester Doctor Appointment System 1 Cross Site Scripting |
| Description | A Cross Site Scripting (Stored) vulnerability has been identified in Doctor Appointment System.<br>This vulnerability resides in the User register (Patient) within the files:<br>/doctor-appointment-system/register.php<br>/doctor-appointment-system/admin/users.php<br>/doctor-appointment-system/admin/doctors.php<br><br>Observation:<br>Due to insufficient input validation and output encoding, the application is vulnerable to Cross Site Scripting (Stored). An attacker can store malicious JavaScript code within the email input field.<br><br>Impact:<br>Successful exploitation allows the attacker to execute arbitrary code in the browser of a victim (such as on the User or Doctor page) when they view the affected pages. This can lead to the theft of administrative session cookies, effectively granting the attacker remote administrative privileges.<br><br>Recommendation:<br>It is recommended to implement proper input validation and output encoding based on context (HTML, JavaScript, URL, etc.). Use secure development frameworks that automatically escape user input. |
| Source | https://github.com/rayficom/Proof-of-Concept/blob/main/20260219/README.md |
| User | waimanlo (UID 88459) |
| Submission | 02/19/2026 03:40 AM (2 months ago) |
| Moderation | 02/26/2026 09:36 PM (8 days later) |
| Status | Accepted |
| VulDB entry | 348053 [SourceCodester Doctor Appointment System 1.0 Sign Up Page /register.php Email cross site scripting] |
| Points | 20 |
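The recommendation above (validate on input, encode on output for the HTML context) as a small PHP illustration. This is an added example, not code from Doctor Appointment System, from the submitter's proof of concept, or from VulDB; the function names, the row layout and the sample values are assumptions, since the project's actual register.php and admin/users.php code does not appear on the page.

```php
<?php
// Added example (not the project's code): the two controls the advisory
// recommends for a stored XSS in an e-mail field. Names are assumptions.
declare(strict_types=1);

// Input validation at registration time: keep only syntactically valid
// addresses. FILTER_VALIDATE_EMAIL rejects '<', '>', quotes and spaces,
// so markup cannot be stored in the email column in the first place.
function validate_email(string $raw): ?string
{
    $valid = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Output encoding for an HTML text/attribute context, e.g. a table cell on
// the admin users or doctors page. ENT_QUOTES covers both quote characters.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: a stored value is written straight into the page,
// so whatever was saved in the email column is interpreted as HTML.
function render_user_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['email'] . '</td></tr>';
}

// Hardened pattern: every stored value is escaped for the context it lands
// in, regardless of whether it was validated when it was saved.
function render_user_row_safe(array $user): string
{
    return '<tr><td>' . html_escape($user['email']) . '</td></tr>';
}

// Constructed sample rows standing in for the users table.
$samples = [
    ['email' => 'alice@example.com'],
    ['email' => 'bob@example.com<b title="x">bold</b>'], // constructed: markup smuggled into the field
];

foreach ($samples as $user) {
    $accepted = validate_email($user['email']);
    echo "input   : {$user['email']}\n";
    echo 'validate: ' . ($accepted === null ? 'rejected' : "accepted ($accepted)") . "\n";
    echo 'unsafe  : ' . render_user_row_unsafe($user) . "\n";
    echo 'safe    : ' . render_user_row_safe($user) . "\n\n";
}
```

Running this with `php example.php` shows the second sample rejected by validation and, if it had reached the database anyway, rendered as inert text (`&lt;b title=&quot;x&quot;&gt;bold&lt;/b&gt;`) by the escaped renderer. Output encoding is the control that actually protects the admin pages listed in the advisory, because they display whatever is already stored; input validation only narrows what can get there.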