PT-2021-19243 · Unknown · Remote Clinic
Saud-Ahmad · Published 2021-04-21 · Updated 2021-04-22
CVE-2021-31327
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Remote Clinic version 2.0
Description
The issue is a stored XSS in the /medicines endpoint, caused by the Medicine Name field.
Recommendations
For version 2.0, ensure proper input validation and sanitization for the Medicine Name field to prevent XSS attacks. Consider temporarily restricting access to the /medicines endpoint until a proper fix is implemented.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Remote Clinic