PT-2022-23259 · Unknown · Doctor Appointment System
Published 2022-08-31 · Updated 2022-09-06
CVE-2022-36203
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Doctor's Appointment System version 1.0
Description
The issue allows Cross-Site Scripting (XSS) via the admin panel. An attacker can use it to steal the administrator's cookie, which can lead to takeover of the administrator account.
Recommendations
For Doctor's Appointment System version 1.0, consider disabling access to the admin panel until a fix is available to prevent potential XSS attacks and subsequent administrator account takeovers. Restrict the use of sensitive features within the admin panel to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Doctor Appointment System