Advertisement






Smart Hospital 3.1 "Add Patient" Stored XSS

CVE Category Price Severity
N/A CWE-79 Unspecified High
Author Risk Exploitation Type Date
Unspecified High Remote 2020-12-18
CPE
cpe:cpe:/a:smart-hospital:3.1
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120125

Below is a copy:

Smart Hospital 3.1 "Add Patient" Stored XSS
# Exploit Title:  Smart Hospital 3.1 - "Add Patient" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage: https://smart-hospital.in/index.html
# Software Link: https://codecanyon.net/item/smart-hospital-hospital-management-system/23205038
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Login to the application with Super Admin credentials

Step 2. Click on "OPD-Out Patient" and then click on "Add Patient" then
select "Add Patient" Again.

Step 3. Insert payload - "><svg/onmouseover=alert(1)> ,  in Name , Guardian
Name  , Email , Address , Remarks and Any Known Allergies and Save it.

Step 4. Now the patient profile will open , when your course will move
around profile details they will show an alert box.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.