CVE-2021-25791

Опубликовано: 23 июл. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.

Ссылки

https://www.exploit-db.com/exploits/49396
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com
Product
https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
Product
https://www.exploit-db.com/exploits/49396
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com
Product
https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00141

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-crvr-69hq-pc38

github

больше 3 лет назад