XSS1 - Sourcecodester Hospital's Patient Records Management System (HPRMS)

Exploit Title: HPRMS - 'room_types' Stored XSS

Exploit Author: (Sant268)

Vendor Homepage: https://www.sourcecodester.com/

Software Link: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html

Version: HPRMS 1.0

Tested on: Ubuntu 20, Apache

CVE: CVE-2022-22850

  • Description: A stored XSS issue in HPRMS v1.0 allows remote attackers to inject JavaScript via the 'description' parameter of the Room Type form at /admin/?page=room_types. The submitted value is stored without sanitisation and later rendered into the page without output encoding, so the script executes in the browser of every user who views the room types page.

  • Payload used: <img src =q onerror=prompt(8)>

  • Steps to reproduce:
    1. Log in to the admin panel and go to http://victim.com/admin/?page=room_types
    2. Click "Add Room type", paste the payload into the description field and save.
    3. The prompt dialog fires every time the room types page is loaded, for any user who views it, because the stored description is echoed back unescaped.

  • Note: submitting the form requires an authenticated admin session, so the impact is that one admin-level account (or a compromised one) can persist script that runs in the sessions of all other users of the panel. The fix is to encode the description on output (htmlspecialchars with ENT_QUOTES in PHP) and, ideally, reject or strip markup on input as well.
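The check a tester wants after step 3 is whether the stored payload is actually rendered in executable form, rather than just echoed as text. The following is an added example (not part of the advisory and not HPRMS code) that parses a page body and reports any element carrying an inline event handler that contains the payload's marker, then shows the same row rendered with output encoding applied. The two HTML snippets are constructed for the example and are not the real HPRMS markup; the function and variable names are the author's own.

```python
"""Check whether a stored-XSS payload is rendered live on a page, and show the output-encoding fix."""
from html.parser import HTMLParser
import html

# Payload from the advisory. src=q never loads, so the onerror handler fires on every page view.
PAYLOAD = '<img src=q onerror=prompt(8)>'

# Constructed sample of a vulnerable listing: the description is echoed verbatim (hypothetical markup).
VULNERABLE_PAGE = """<table>
<tr><th>Room Type</th><th>Description</th></tr>
<tr><td>Ward</td><td><img src=q onerror=prompt(8)></td></tr>
</table>"""

# Constructed sample of the same listing after htmlspecialchars(): the tag survives only as text.
PATCHED_PAGE = """<table>
<tr><th>Room Type</th><th>Description</th></tr>
<tr><td>Ward</td><td>&lt;img src=q onerror=prompt(8)&gt;</td></tr>
</table>"""


class EventHandlerFinder(HTMLParser):
    """Collect every (tag, attribute, value) where the attribute is an inline on* event handler."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag.lower(), name.lower(), value or ""))


def find_event_handlers(page_html):
    """Parse the page the way a browser tokenises it and return all inline event handlers found."""
    parser = EventHandlerFinder()
    parser.feed(page_html)
    parser.close()
    return parser.handlers


def payload_is_live(page_html, marker="prompt(8)"):
    """True if some element's inline handler contains the marker, i.e. the payload parses as markup.

    Entity-encoded copies of the payload (&lt;img ...&gt;) are text nodes and produce no start tag,
    so they are correctly reported as not live.
    """
    return any(marker in value for _, _, value in find_event_handlers(page_html))


def escape_description(description):
    """Output-encoding fix: equivalent of PHP htmlspecialchars($s, ENT_QUOTES) for this field."""
    return html.escape(description, quote=True)


def render_row(room_type, description, escape=True):
    """Render one room-type row; escape=False reproduces the vulnerable behaviour for comparison."""
    desc = escape_description(description) if escape else description
    return f"<tr><td>{room_type}</td><td>{desc}</td></tr>"


if __name__ == "__main__":
    print("vulnerable page live:", payload_is_live(VULNERABLE_PAGE))
    print("patched page live:   ", payload_is_live(PATCHED_PAGE))
    print("unescaped row:", render_row("Ward", PAYLOAD, escape=False))
    print("escaped row:  ", render_row("Ward", PAYLOAD))
```

For a live check, fetch http://victim.com/admin/?page=room_types with the admin session cookie (the cookie name is not given by the advisory, so look it up in the browser) and pass the response body to `payload_is_live`; a `True` result with the handler listed by `find_event_handlers` confirms the stored value is reaching the DOM as markup rather than text.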