PT-2021-18581 · Unknown · Remote Clinic
Saud-Ahmad · Published 2021-04-12 · Updated 2021-08-27 · CVE-2021-30042
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Remote Clinic version 2.0
Description
The issue is a Cross-Site Scripting (XSS) vulnerability that can be exploited via the Clinic Name, Clinic Address, Clinic City, or Clinic Contact field on the "clinics/register.php" API endpoint. This allows for malicious script execution.
Recommendations
For Remote Clinic version 2.0, as a temporary workaround, consider validating and sanitizing user input for the Clinic Name, Clinic Address, Clinic City, and Clinic Contact fields to prevent XSS attacks. Restrict access to the "clinics/register.php" endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Remote Clinic