CVE-2021-25791

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
online_doctor_appointment_system_php_full_source_code_projectonline_doctor_appointment_system_php_full_source_code
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/49396
https://www.sourcecodester.com
https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
https://www.exploit-db.com/exploits/49396
https://www.sourcecodester.com
https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html