Smart Hospital 3.1 "Add Patient" Stored XSS

CVE Category Price Severity
N/A CWE-79 Unspecified High
Author Risk Exploitation Type Date
Unspecified High Remote 2020-12-18

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Smart Hospital 3.1 "Add Patient" Stored XSS
# Exploit Title:  Smart Hospital 3.1 - "Add Patient" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage:
# Software Link:
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Login to the application with Super Admin credentials

Step 2. Click on "OPD-Out Patient" and then click on "Add Patient" then
select "Add Patient" Again.

Step 3. Insert payload - "><svg/onmouseover=alert(1)> ,  in Name , Guardian
Name  , Email , Address , Remarks and Any Known Allergies and Save it.

Step 4. Now the patient profile will open , when your course will move
around profile details they will show an alert box.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.