PT-2021-18582 · Unknown · Remote Clinic
Saud-Ahmad · Published 2021-04-12 · Updated 2021-08-27 · CVE-2021-30044
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Remote Clinic version 2.0
Description
The issue is related to Cross-Site Scripting (XSS) that can be exploited via the First Name or Last Name field on the "staff/register.php" API endpoint. This allows for potential malicious script injection.
Recommendations
For Remote Clinic version 2.0, consider disabling the staff/register.php endpoint until a patch is available, or restrict input for the First Name and Last Name fields to minimize the risk of exploitation.
Exploit
Fix
XSS
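One way to apply the input restriction recommended above, as an added example that is not Remote Clinic's code or part of the advisory: an allowlist check for the two name fields, plus HTML encoding when the stored value is rendered. The POST keys `first_name` and `last_name` and both helper functions are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not Remote Clinic's own code.
// The keys 'first_name' and 'last_name' are assumed field names.

/**
 * Allowlist check for a personal name: runs of Unicode letters and combining
 * marks joined by a single space, apostrophe, period or hyphen, with an
 * optional trailing period, at most 64 characters.
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_name($raw): ?string
{
    if (!is_string($raw)) {
        return null;                      // arrays (first_name[]=x) and missing fields
    }
    $name = trim($raw);
    // /u puts PCRE in UTF-8 mode (invalid byte sequences fail the match);
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    // None of < > " & = ( ) / can match, so markup and event handlers are refused.
    if (preg_match('/\A[\p{L}\p{M}]+(?:[ \'.\-][\p{L}\p{M}]+)*\.?\z/u', $name) !== 1) {
        return null;
    }
    return mb_strlen($name, 'UTF-8') <= 64 ? $name : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions (not taken from the advisory).
$samples = [
    ['first_name' => 'Aoife', 'last_name' => "O'Brien"],
    ['first_name' => 'Ana<script>alert(1)</script>', 'last_name' => 'Lee'],
];
foreach ($samples as $post) {
    $first = validate_name($post['first_name'] ?? null);
    $last  = validate_name($post['last_name'] ?? null);
    if ($first === null || $last === null) {
        echo "rejected: invalid name field\n";   // respond with 400 and store nothing
        continue;
    }
    // Encode at output as well: rows saved before the check existed may hold markup.
    echo '<td>' . h($first) . ' ' . h($last) . "</td>\n";
}
```

The allowlist only stops new submissions; the `h()` call on every page that displays staff names is what neutralises values already stored.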
Weakness Enumeration
Related Identifiers
Affected Products
Remote Clinic