Saud-Ahmad

**Name of the Vulnerable Software and Affected Versions** RemoteClinic version 2.0 **Description** The issue allows attackers to execute arbitrary commands and gain sensitive information. This is achieved via the `id` parameter to the "/medicines/profile.php" API endpoint. **Recommendations** For RemoteClinic version 2.0, consider restricting access to the "/medicines/profile.php" endpoint until a patch is available, and avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to a Stored XSS in the /medicines endpoint due to the `Medicine Name Field`. **Recommendations** For version 2.0, ensure proper input validation and sanitization for the `Medicine Name Field` to prevent XSS attacks. Consider temporarily restricting access to the /medicines endpoint until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It affects the "Chat" and "Personal Address" fields on the staff/register.php page. **Recommendations** For Remote Clinic version 2.0, consider restricting access to the staff/register.php page until a fix is available. As a temporary workaround, avoid using the "Chat" and "Personal Address" fields in the staff/register.php page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to Cross Site Scripting (XSS) that can be exploited via the `Clinic Name`, `Clinic Address`, `Clinic City`, or `Clinic Contact` field on the "clinics/register.php" API endpoint. This allows for malicious script execution. **Recommendations** For Remote Clinic version 2.0, as a temporary workaround, consider validating and sanitizing user input for the `Clinic Name`, `Clinic Address`, `Clinic City`, and `Clinic Contact` fields to prevent XSS attacks. Restrict access to the "clinics/register.php" endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to Cross Site Scripting (XSS) that occurs via the Full Name field on the "register-patient.php" API endpoint. This allows for potential malicious script injection. **Recommendations** For Remote Clinic version 2.0, consider disabling the Full Name field on the "register-patient.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `Full Name` field in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to Cross Site Scripting (XSS) that can be exploited via the `First Name` or `Last Name` field on the "staff/register.php" API endpoint. This allows for potential malicious script injection. **Recommendations** For Remote Clinic version 2.0, consider disabling the `staff/register.php` endpoint until a patch is available, or restrict input for the `First Name` and `Last Name` fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to Cross Site Scripting (XSS) that occurs via the `Symptons` field on the "patients/register-report.php" API endpoint. This allows for potential malicious script execution. **Recommendations** For Remote Clinic version 2.0, consider disabling the `Symptons` field in the "patients/register-report.php" endpoint until a fix is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `Symptons` field in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Remote Clinic version 2.0 **Description** The issue is related to Cross Site Scripting (XSS) that can be exploited via the `Fever` or `Blood Pressure` field on the "patients/register-report.php" API endpoint. This allows for malicious script execution. **Recommendations** For Remote Clinic version 2.0, as a temporary workaround, consider restricting input for the `Fever` and `Blood Pressure` fields in the "patients/register-report.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.