Stored XSS vulnerability Site-Wide #13

Open
Saud-Ahmad opened this issue Apr 1, 2021 · 1 comment
Saud-Ahmad commented Apr 1, 2021

Stored XSS vulnerability in Version 2.0, which allows a remote attacker to inject arbitrary script or HTML. This, being stored, will impact all users who have permissions to view the vulnerable page.

Vulnerable Endpoint: All Endpoints are vulnerable to XSS.

Steps to Reproduce:

  1. Log in to the application as Doctor.
  2. Create New Staff Member. (Screenshot 1)
  3. Put XSS Payload in "First Name" and "Last Name" of Staff. Both fields are vulnerable to XSS (Site-Wide). (Screenshot 2)
  4. Now click on Register. (Screenshot 3)
  5. Profile created. (Screenshot 4)
  6. Now sign out. (Screenshot 5)
  7. Now log in to that Staff account which I created in the name of XSS Payload. (Screenshot 6)
  8. XSS executed on /dashboard/ endpoint because staff member name including "First Name" and "Last Name" both are reflected on all the pages/endpoints. (Screenshot 7)

--> Go to /patients/ endpoint. (Screenshot 8)

--> Go to /register-patient.php endpoint. (Screenshot 9)

--> Go to /recent-activity.php endpoint. (Screenshot 10)

I tested all endpoints of RemoteClinic v2.0; all are vulnerable to XSS because the "First Name" and "Last Name" of Staff are reflected on all the pages, and some of the endpoints I mentioned in the form of screenshots above.
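An added example, not part of the original report and not RemoteClinic's own code: one way a PHP application can close the site-wide reflection described above is to HTML-encode the stored staff name at every output point, with a registration-time check as a second layer. The function names, the `$staff` array shape and the allowed-character rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-encode any stored value before it reaches a page.
// ENT_QUOTES encodes both quote styles, so the result is also safe inside a
// quoted attribute value; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical registration-time check (defence in depth, not a substitute
// for output encoding): letters, combining marks, space, dot, apostrophe,
// hyphen, at most 64 characters.
function isPlausibleName(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,63}$/u', $name) === 1;
}

// Hypothetical shared header fragment, standing in for the place where the
// staff name is printed on every page (dashboard, patients, and so on).
function renderStaffBadge(array $staff): string
{
    $full = $staff['first_name'] . ' ' . $staff['last_name'];
    return '<span class="staff" title="' . e($full) . '">' . e($full) . '</span>';
}

// Constructed sample rows: one ordinary name, one carrying markup.
$rows = [
    ['first_name' => 'Anne-Marie', 'last_name' => "O'Neil"],
    ['first_name' => '<b>x</b>',   'last_name' => '"><i>y'],
];

foreach ($rows as $row) {
    $valid = isPlausibleName($row['first_name'])
          && isPlausibleName($row['last_name']);
    // The second row fails validation, and even if it were already stored,
    // its markup is rendered as inert text (&lt;b&gt;x&lt;/b&gt; ...).
    printf("valid=%s  html=%s\n", var_export($valid, true), renderStaffBadge($row));
}
```

Encoding at output is the control that matters for names already stored in the database; the registration check only stops new ones from being saved.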
