| 标题 | Patient Queue Management System 1.0 Stored XSS |
|---|
| 描述 | - I found a ( Stored XSS And Html injection ) vulnerability in the PHP product Patient Queue Management System.
- The vulnerability exists in the following input fields: ( First Name , Last Name ) .
- project link : https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html
- Poc Stored XSS : https://drive.google.com/file/d/1n44YqMSMd6Lk68FspWKcFnsZNFfB0jMj/view?usp=drive_link
- Poc Html Injection : https://drive.google.com/file/d/14kyyKJj-wtdHdTJ0hXbY5re-3MLVk2s5/view?usp=drive_link
- Steps to Reproduce :
- The Payloads Stored XSS is storing in Database :
1 - Go to the patient registration form.
2 - In the First Name or Last Name field, insert the following payload :
<script>alert(document.domain)</script> Or <img src=x onerror=alert(document.cookie)>
- Html Injection :
<h1> html injected </h1> Or <h1style="color: red;"> html injected </h1> Or <h1>
|
|---|
| 用户 | 0day_dz (UID 91923) |
|---|
| 提交 | 2026-02-11 15時09分 (4 月前) |
|---|
| 管理 | 2026-02-23 14時48分 (12 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 344856 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Patient Registration /registration.php First Name 跨网站脚本] |
|---|
| 积分 | 0 |
|---|