PT-2023-16683 · Sourcecodester · Sourcecodester Medical Certificate Generator App

Sk3L10X1Ng · Published 2023-02-24 · Updated 2024-05-17 · CVE-2023-1006

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Medical Certificate Generator App version 1.0

Description

A problem was found in the New Record Handler component. The issue arises from the manipulation of arguments such as Firstname, Middlename, Lastname, Suffix, Nationality, Doctor Fullname, and Doctor Suffix with malicious input, like ">, leading to cross-site scripting. This can be initiated remotely.

Recommendations

For version 1.0, consider disabling the New Record Handler component or restricting the input for the affected arguments until a fix is available. Avoid using the arguments Firstname, Middlename, Lastname, Suffix, Nationality, Doctor Fullname, and Doctor Suffix with unvalidated input to minimize the risk of exploitation.
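
The recommendation to restrict input for the affected arguments, sketched as an added example (not code from the application or from this advisory): allow-list validation for the seven fields plus HTML escaping at output, because a legitimately validated name such as O'Brien still contains a quote character. The choice of Python, the snake_case field keys, the length limit and all function names are assumptions.

```python
import html
import unicodedata

# Field names follow the advisory's list; the snake_case keys are assumed.
AFFECTED_FIELDS = ("firstname", "middlename", "lastname", "suffix",
                   "nationality", "doctor_fullname", "doctor_suffix")
MAX_LEN = 100  # assumed limit, not taken from the application
# Punctuation that legitimately occurs in names and suffixes.
ALLOWED_PUNCT = set(" .,'-")


def validate_field(value):
    """Return the normalized value, or raise ValueError if it is not name-like."""
    value = unicodedata.normalize("NFC", value).strip()
    if len(value) > MAX_LEN:
        raise ValueError("too long")
    for ch in value:
        # Letters of any script are allowed; markup characters are not.
        if not (ch.isalpha() or ch in ALLOWED_PUNCT):
            raise ValueError(f"disallowed character {ch!r}")
    return value


def validate_record(form):
    """Validate every affected field; return (clean_values, errors)."""
    clean, errors = {}, {}
    for name in AFFECTED_FIELDS:
        try:
            clean[name] = validate_field(form.get(name, ""))
        except ValueError as exc:
            errors[name] = str(exc)
    return clean, errors


def render_input(name, value):
    """Render a form field with the value escaped for an HTML attribute."""
    return '<input name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(value, quote=True))
```

Validation alone is not sufficient: the apostrophe passes the allow-list, so the value is still escaped when it is written back into the page.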

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-1006

Affected Products: Sourcecodester Medical Certificate Generator App