CVE-2023-1036

Name of the Vulnerable Software and Affected Versions SourceCodester Dental Clinic Appointment Reservation System version 1.0

Description A vulnerability was found in the Dental Clinic Appointment Reservation System, affecting the file /APR/signup.php, specifically the POST Parameter Handler component. The issue arises from the manipulation of the firstname argument, leading to cross-site scripting. This can be initiated remotely.

Recommendations For version 1.0, consider disabling the firstname parameter in the /APR/signup.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the signup.php file to minimize the risk of exploitation. Avoid using the firstname parameter in the affected POST request until the issue is resolved.