Saud-Ahmad
commented
3 years ago CVE-ID assigned for above vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-31327 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31327
Open Saud-Ahmad opened 3 years ago
Saud-Ahmad
commented
3 years ago CVE-ID assigned for above vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-31327 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31327
Saud-Ahmad
commented
3 years ago Exploit has been Published by Exploit-DB https://www.exploit-db.com/exploits/49795
Stored XSS vulnerability in Version 2.0 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.
Vulnerable Endpoint: http://localhost/RemoteClinic/medicines Step to Reproduce:
1) Login in Application as Doctor. 2) When you scroll down the main dashboard page, there is medicines options, Click "New Medicine".
3) Here is a "Medicine Name" Field which is vulnerable to XSS. Inject XSS Payload:
4) You can see there is client side validation on Medicine Name with maxlength is 30 but not validate on server side.
5) Change maxlength to 100.
6) Now Click on Register.
7) XSS Executed on medicines/new.php
8) Now go to /medicines, Click on Show All.
9) XSS Executed on /medicines.