| Title | Stored XSS in Medical Certificate Generator App 1.0 |
|---|
| Description | # Software link: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
Description:
------------
A stored vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. The manipulation of the argument Reason with the input "><script>prompt(1)</script> in the "Lastname" field in the form leads to cross-site scripting. The attack may be launched remotely.
Steps to Reproduce:
------------------
1. Click on NewRecord.
2. In place of lastname, place the payload as "><script>prompt(1)</script>
3. Fill the other required fields.
4. Click on "SAVE RECORD".
5. Click on the tab Med Cert. Records; the XSS payload gets triggered with a dialogue box.
|
|---|
| User | Anonymous User |
|---|
| Submission | 02/21/2023 18:53 (3 years ago) |
|---|
| Moderation | 02/24/2023 09:21 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221739 [SourceCodester Medical Certificate Generator App 1.0 New Record cross site scripting] |
|---|
| Points | 17 |
|---|