PT-2021-18579 · Unknown · Remote Clinic
Saud-Ahmad · Published 2021-04-12 · Updated 2021-08-27
CVE-2021-30039
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Remote Clinic version 2.0
Description
The issue is related to Cross Site Scripting (XSS) that can be exploited via the Fever or Blood Pressure field on the "patients/register-report.php" API endpoint. This allows for malicious script execution.
Recommendations
For Remote Clinic version 2.0, as a temporary workaround, consider restricting input for the Fever and Blood Pressure fields in the "patients/register-report.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Remote Clinic
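The Recommendations section suggests restricting input for the Fever and Blood Pressure fields. The sketch below is an added example, not Remote Clinic's own code: it validates both fields against a strict allow-list and HTML-encodes values when they are rendered. The parameter names (`fever`, `bp`), accepted formats and numeric ranges are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical validators; formats and ranges are assumptions.

/** Fever: plain decimal in an assumed body-temperature range, else null. */
function validate_fever(string $raw): ?float
{
    $raw = trim($raw);
    if (preg_match('/^\d{1,3}(\.\d)?$/D', $raw) !== 1) {
        return null; // anything but digits and one decimal place is refused
    }
    $value = (float) $raw;
    return ($value >= 30.0 && $value <= 115.0) ? $value : null;
}

/** Blood pressure: "systolic/diastolic" integers in canonical form, else null. */
function validate_blood_pressure(string $raw): ?string
{
    if (preg_match('/^\s*(\d{2,3})\s*\/\s*(\d{2,3})\s*$/D', $raw, $m) !== 1) {
        return null;
    }
    [$sys, $dia] = [(int) $m[1], (int) $m[2]];
    if ($sys < 50 || $sys > 300 || $dia < 20 || $dia > 200 || $dia >= $sys) {
        return null; // assumed plausibility limits
    }
    return $sys . '/' . $dia;
}

/** HTML-encode a value at output time, for text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions; the keys 'fever' and 'bp' are hypothetical.
$samples = [
    ['fever' => '38.5', 'bp' => '120/80'],
    ['fever' => '<script>alert(1)</script>', 'bp' => '120/80"><b>x</b>'],
];
foreach ($samples as $row) {
    $fever = validate_fever($row['fever']);
    $bp    = validate_blood_pressure($row['bp']);
    // Even rejected input is encoded before being echoed back.
    echo ($fever === null || $bp === null)
        ? 'rejected: ' . h($row['fever']) . ' | ' . h($row['bp']) . PHP_EOL
        : 'accepted: ' . h((string) $fever) . ' | ' . h($bp) . PHP_EOL;
}
```

Validation on input narrows what can be stored; the encoding step in `h()` is what keeps any value that does reach the report page from being interpreted as markup.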