Stored XSS vulnerability in Version 2.0 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.
After Register New Patient, a page redirect to Register Report Page, when you scroll down page two fields there "Fever" and "Blood Pressure" where i inject XSS Payload:
Now go to home page.
Click on Report which shows on dashboard "Fever...".
XSS Executed on reports.php endpoint.
The text was updated successfully, but these errors were encountered:
Stored XSS vulnerability in Version 2.0 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.
Vulnerable Endpoint: http://localhost/RemoteClinic/patients/reports.php?id=85 (In my case, 85 is My Patient Report ID).
Steps to Reproduce:
The text was updated successfully, but these errors were encountered: