
Multiple Cross Site Scripting Vulnerabilities in Remote Clinic V2.0 #17

Open
ghost opened this issue Aug 16, 2021 · 2 comments

Comments

@ghost

ghost commented Aug 16, 2021

In Remote Clinic v2.0, there are multiple Cross-Site Scripting vulnerabilities via the Contact, Email, Weight, Profession, ref_contact, and address parameters in /patients/register-patient.php, which are vulnerable because the _POST values are not sanitized properly for XSS despite being sent through the friendly function.

In Remote Clinic v2.0, there is Stored Cross-Site Scripting and no sanitization for the gender, age, and serial parameters when retrieved by _POST in /patients/register-patient.php to be sent to the database. This is possible by changing the values in the dropdowns in the inspect menu.

In Remote Clinic v2.0, in patients/edit-patient.php, the Contact, Email, Weight, Profession, ref_contact, and address parameters being edited are not sanitized for Cross-Site Scripting when they are retrieved by _POST.

In Remote Clinic v2.0, in patients/edit-patient.php, the serial, age, and gender dropdowns are able to be changed via the inspect menu.

In Remote Clinic v2.0, in staff/edit-my-profile.php, the Title, First Name, Last Name, Skype, and Address parameters sent by _POST to be put in the database are unsanitized and prone to Cross-Site Scripting (XSS).

In Remote Clinic v2.0, in clinics/settings.php, most of the parameters being passed into the database are sanitized insufficiently. The parameters that allow Cross-Site Scripting are portal_name, guardian_short_name, guardian_name, opening_time, closing_time, access_level_5, access_level_4, access_level_3, access_level_2, access_level_1, currency, mobile_number, address, patient_contact, patient_address, and patient_email.
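As an added illustration of the defensive side of this report (not code from Remote Clinic or from the reporter), the following shows server-side handling for the register-patient fields named above: an allow-list for the dropdown values so that a value changed in the inspector is rejected, integer range validation for age and serial, and HTML escaping at output time. The function names and the gender option list are assumptions made for the example.

```php
<?php
// Added example, not Remote Clinic code: server-side validation for the
// register-patient fields named in the report, plus output encoding.
// Function names and the sample option list are assumptions.
const GENDER_OPTIONS = ['Male', 'Female', 'Other'];  // constructed sample list
function validate_patient_post(array $post): array
{
    $errors = [];
    $clean  = [];
    // gender: the <select> is not a security control, since the inspector can
    // submit any value, so the allow-list is enforced here (strict comparison).
    $gender = (string) ($post['gender'] ?? '');
    if (in_array($gender, GENDER_OPTIONS, true)) {
        $clean['gender'] = $gender;
    } else {
        $errors[] = 'gender: value not permitted';
    }
    // age and serial: validate as in-range integers instead of "sanitizing".
    foreach (['age' => [0, 150], 'serial' => [1, PHP_INT_MAX]] as $f => [$min, $max]) {
        $v = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($v === false) {
            $errors[] = "$f: must be an integer between $min and $max";
        } else {
            $clean[$f] = $v;
        }
    }
    // Free-text fields: bound the length, store unchanged; escape at output time.
    foreach (['Contact', 'Email', 'Weight', 'Profession', 'ref_contact', 'address'] as $f) {
        $v = trim((string) ($post[$f] ?? ''));
        if (mb_strlen($v) > 255) {
            $errors[] = "$f: too long";
        } else {
            $clean[$f] = $v;
        }
    }
    return ['ok' => $errors === [], 'data' => $clean, 'errors' => $errors];
}

// Escape every stored value where it is echoed into HTML text or attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed demonstration: a forged dropdown value and a script-bearing address.
$r = validate_patient_post(['gender' => '<script>alert(1)</script>', 'age' => '34',
                            'serial' => '12', 'address' => '<img src=x onerror=alert(1)>']);
print_r($r['errors']);                // gender rejected by the allow-list
echo h($r['data']['address']), "\n";  // echoed as inert text
```

Escaping belongs at the point of output because the correct encoding depends on the rendering context; a single input-side "friendly" pass cannot know whether a value will land in HTML text, an attribute, or a script block.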

@EnzoBitMatrix

Is this likely to be addressed?

@daverobertson63

Not much has been done on this in the last couple of years - it's a nice project but not maintained.
