Stored Cross Site Scripting (XSS) vulnerability exists in edoc-doctor-appointment-system v1.0.1. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.

Visit http://ip/patient/settings.php , will access the page of the module.

Click Account Setting.

And then insert <script>alert(1)</script> at the name box.

At last click the save button.

When you click View Account Details button , you will see the pop -up window.

Provide feedback