03Hice

**Name of the Vulnerable Software and Affected Versions** RemoteClinic versions up to 2.0 **Description** A flaw has been found in RemoteClinic that affects unknown code within the `/staff/edit.php` file. Manipulation of the `Last Name` argument can lead to cross-site scripting. The attack can be launched remotely. An exploit for this issue has been published. **Recommendations** RemoteClinic versions prior to 2.1: Address the manipulation of the `Last Name` argument in the `/staff/edit.php` file to prevent cross-site scripting.

**Name of the Vulnerable Software and Affected Versions** RemoteClinic version 2.0 **Description** A SQL injection issue exists in RemoteClinic 2.0 due to the manipulation of the `ID` argument in the `/staff/profile.php` file. The attack can be executed remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.