Stored XSS vulnerability in Version 2.0 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.
When you scroll down the main dashboard page, there is clinics options, Click "New Clinic".
Here is four fields vulnerable for XSS /clinics/profile.php?id={Clinic ID} endpoint, "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact", Inject XSS Payload in "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact".
Click on "Register".
Now Click on "Clinics Directory".
After click on "Clinics Directory", you direct to /clinics/ endpoint where clinics directory show. Click on Clinic where XSS name show.
XSS Executed on /clinics/profile.php?id={Clinic ID} endpoint.
The text was updated successfully, but these errors were encountered:
Stored XSS vulnerability in Version 2.0 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.
Vulnerable Endpoint: http://localhost/RemoteClinic/clinics/profile.php?id=32 (in my case, 32 is Clinic ID).
Step To Reproduce:
The text was updated successfully, but these errors were encountered: