This repository was archived by the owner on Jan 7, 2025. It is now read-only.

Stored XSS vulnerability Site-Wide #13

Open
@Saud-Ahmad

Stored XSS vulnerability in Version 2.0 which allows a remote attacker to inject arbitrary script or HTML. Being stored, this will impact all users who have permission to view the vulnerable page.

Vulnerable Endpoint: All Endpoints are vulnerable to XSS.

Steps to Reproduce:

  1. Log in to the application as Doctor.
  2. Create a new staff member.
  3. Put an XSS payload in the "First Name" and "Last Name" of the staff member. Both fields are vulnerable to XSS (site-wide).
  4. Now click on Register.
  5. Profile created.
  6. Now sign out.
  7. Now log in to the staff account which I created in the name of the XSS payload.
  8. XSS executed on the /dashboard/ endpoint because the staff member name, including "First Name" and "Last Name", is reflected on all the pages/endpoints.

--> Go to /patients/ endpoint.

--> Go to /register-patient.php endpoint.

--> Go to /recent-activity.php endpoint.

I tested all endpoints of RemoteClinic v2.0; all are vulnerable to XSS because the "First Name" and "Last Name" of Staff are reflected on all the pages, and some of the endpoints I mentioned in the form of screenshots above.
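
The report describes staff names that are stored at registration and later written into every page, so the defence belongs where the name is output. The following is an added example, not RemoteClinic's code or the reporter's: the function names, array keys, markup and sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for HTML text and quoted-attribute
// contexts. It is not sufficient for values placed inside <script> blocks or URLs.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical stand-in for the shared page fragment that prints the signed-in
// staff member's name. Encoding here protects every page that includes it.
function renderStaffBanner(array $staff): string
{
    $fullName = $staff['first_name'] . ' ' . $staff['last_name'];
    return '<span class="staff-name" title="' . h($fullName) . '">'
        . h($fullName) . '</span>';
}

// Second layer at registration: accept only letters, combining marks, spaces,
// dots, apostrophes and hyphens. This narrows input but does not replace
// output encoding, because rows already in the database are not re-validated.
function isPlausibleName(string $name): bool
{
    return preg_match('/^\p{L}[\p{L}\p{M} .\'\-]{0,63}\z/u', $name) === 1;
}

// Constructed sample rows: one ordinary name, one containing HTML metacharacters.
$rows = [
    ['first_name' => 'Ayesha', 'last_name' => "O'Neil"],
    ['first_name' => '<b>Jane</b>', 'last_name' => '"Doe"'],
];

foreach ($rows as $row) {
    $accepted = isPlausibleName($row['first_name'])
        && isPlausibleName($row['last_name']);
    echo renderStaffBanner($row), PHP_EOL;
    echo '  accepted at registration: ', $accepted ? 'yes' : 'no', PHP_EOL;
}
```

With encoding applied in the shared fragment, the second row renders as literal text in both the attribute and the element body, and the registration check rejects it before it is stored.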
