Vulnerability Details CVE-2021-25791
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://www.exploit-db.com/exploits/49396
- https://www.sourcecodester.com
- https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
- https://www.exploit-db.com/exploits/49396
- https://www.sourcecodester.com
- https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
Products affected by CVE-2021-25791
-
Online Doctor Appointment System Php Full Source Code Project » Online Doctor Appointment System Php Full Source Code » Version: 1.0cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0