Open
Description
Persistent cross-site scripting (XSS) in Hospital Management System v4.0 targeted towards web admin through /admin-panel1.php at via the parameter demail.
Add Doctor info payload to Doctor Name of Add Doctor page to target /admin-panel1.php ,then use burpsuite get requests datas,change the 'demail' parameter to xss payload: <sCrIpT>alert(5555)</ScRiPt>

Proof of concept (Poc)
<sCrIpT>alert(5555)</ScRiPt>Metadata
Metadata
Assignees
Labels
No labels
