CVE-2021-25791

Name of the Vulnerable Software and Affected Versions Online Doctor Appointment System version 1.0

Description The issue concerns stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module. Authenticated attackers can execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.

Recommendations For Online Doctor Appointment System version 1.0, consider validating and sanitizing user input in the First Name, Last Name, and Address fields to prevent the execution of malicious scripts. As a temporary workaround, restrict access to the "Update Profile" module until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.