| tiêu đề | Patient Queue Management System 1.0 Stored XSS |
|---|
| Mô tả | - I found a ( Stored XSS And Html injection ) vulnerability in the PHP product Patient Queue Management System.
- The vulnerability exists in the following input fields: ( First Name , Last Name ) .
- project link : https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html
- Poc Stored XSS : https://drive.google.com/file/d/1n44YqMSMd6Lk68FspWKcFnsZNFfB0jMj/view?usp=drive_link
- Poc Html Injection : https://drive.google.com/file/d/14kyyKJj-wtdHdTJ0hXbY5re-3MLVk2s5/view?usp=drive_link
- Steps to Reproduce :
- The Payloads Stored XSS is storing in Database :
1 - Go to the patient registration form.
2 - In the First Name or Last Name field, insert the following payload :
<script>alert(document.domain)</script> Or <img src=x onerror=alert(document.cookie)>
- Html Injection :
<h1> html injected </h1> Or <h1style="color: red;"> html injected </h1> Or <h1>
|
|---|
| Người dùng | 0day_dz (UID 91923) |
|---|
| Đệ trình | 11/02/2026 15:09 (cách đây 4 các tháng) |
|---|
| Kiểm duyệt | 23/02/2026 14:48 (12 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 344856 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Patient Registration /registration.php First Name Tập lệnh chéo trang] |
|---|
| điểm | 0 |
|---|