Description

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.

Related CPE's

a

doctor\'s_appointment_system_project

doctor\'s_appointment_system

1.0

Vulnerable

References

http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

https://github.com/aznull/CVEs

Third Party Advisory

https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html

Product

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-08-31T21:15:08.813

2 years ago

Last modified

2022-09-06T17:36:48.890

2 years ago