This repository was archived by the owner on Jan 7, 2025. It is now read-only.
Stored XSS vulnerability Site-Wide #13
Open
Description
Stored XSS vulnerability in Version 2.0 which allows a remote attacker to inject arbitrary script or HTML. Being stored, this will impact all users who have permissions to view the vulnerable page.
Vulnerable Endpoint: All Endpoints are vulnerable to XSS.
Steps to Reproduce:
- Log in to the application as Doctor.
- Create New Staff Member.
- Put the XSS Payload in "First Name" and "Last Name" of Staff. Both fields are vulnerable to XSS (Site-Wide).
- Now Click on Register.
- Profile Created.
- Now sign out.
- Now log in to that Staff account which I created in the name of the XSS Payload.
- XSS executed on the /dashboard/ endpoint because the staff member name, including both "First Name" and "Last Name", is reflected on all the pages/endpoints.
--> Go to /patients/ endpoint.
--> Go to /register-patient.php endpoint.
--> Go to /recent-activity.php endpoint.
I tested all endpoints of RemoteClinic v2.0; all are vulnerable to XSS because the "First Name" and "Last Name" of Staff are reflected on all the pages. I mentioned some of the endpoints in the form of screenshots above.
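
For the fix side of this report, the following is an added example (not RemoteClinic's code and not from the reporter) showing a stored staff name rendered without and with output encoding, plus an input check at registration. The function names, array keys and markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical check for the staff registration form: a letter first, then
// letters, combining marks, spaces, apostrophes, dots or hyphens (64 max).
function isValidName(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M}][\\p{L}\\p{M} '.\\-]{0,63}\\z/u", $name) === 1;
}

// Before: the stored name is concatenated into shared page markup unencoded,
// so every page that shows the logged-in user's name carries the markup.
function renderGreetingVulnerable(array $staff): string
{
    return '<span class="user">' . $staff['first_name'] . ' '
        . $staff['last_name'] . '</span>';
}

// After: the same markup with every stored value encoded at output time,
// in both the attribute and the text context.
function renderGreeting(array $staff): string
{
    return '<span class="user" title="' . e($staff['first_name']) . '">'
        . e($staff['first_name']) . ' ' . e($staff['last_name']) . '</span>';
}

// Constructed sample record, as it would be read back from the database.
$staff = [
    'first_name' => 'Ann"><script>alert(1)</script>',
    'last_name'  => "O'Neil",
];

// Input validation is applied per field when the form is submitted.
var_dump(isValidName($staff['first_name']), isValidName($staff['last_name']));

// Output encoding is applied wherever the stored value is printed.
echo renderGreetingVulnerable($staff), PHP_EOL;
echo renderGreeting($staff), PHP_EOL;
```

Encoding at output is the control that covers values already stored in the database; the input check only limits what new registrations can save.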