
A stored cross-site scripting (XSS) vulnerability exists in edoc-doctor-appointment-system v1.0.1. A successful exploit could allow an attacker to execute arbitrary script code, which could lead to theft or modification of the user's authentication information, such as data relating to their current session.

Vendor: https://github.com/HashenUdara/edoc-doctor-appointment-system

Vulnerability position: http://ip/patient/settings.php

Log in at http://ip/login.php.

Visit http://ip/patient/settings.php to access the page of the module.

Click Account Setting.


Then insert <script>alert(1)</script> in the name box.


Finally, click the save button.

When you click the View Account Details button, you will see the pop-up window.
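
The behaviour above occurs when a stored value is written into the page without output encoding. The following is an added example, not code from the edoc project: the function names and markup are hypothetical, and it contrasts unencoded rendering of the stored name with encoded rendering plus validation on save.

```php
<?php
declare(strict_types=1);

// Constructed sample: the test string from the steps above, standing in for
// the value the settings form stored in the name field.
$storedName = '<script>alert(1)</script>';

// Encode a value for an HTML text or attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Unsafe pattern (hypothetical markup): the stored value is concatenated as-is,
// so the browser parses it as markup.
function render_details_unsafe(string $name): string
{
    return '<td class="name">' . $name . '</td>';
}

// Hardened pattern: same markup, value encoded on output, so it is shown as text.
function render_details_safe(string $name): string
{
    return '<td class="name">' . h($name) . '</td>';
}

// Defence in depth on save (assumed policy): a name starts with a letter and
// contains only letters, combining marks, spaces, dots, apostrophes and hyphens.
function is_valid_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,99}\z/u', $name) === 1;
}

// Compare what each renderer sends to the browser for the stored value.
echo render_details_unsafe($storedName), PHP_EOL;
echo render_details_safe($storedName), PHP_EOL;

// The save-time check rejects the test string and accepts an ordinary name.
var_dump(is_valid_name($storedName));
var_dump(is_valid_name("Anne-Marie O'Neil"));
```

Encoding at output is the primary fix, because it also neutralises values already stored in the database; the save-time check only limits what new input is accepted.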
