Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) - exploit.company
Vendor: Hospital Management System
By: Sandeep Vishwakarma
CVSS: 6.1 HIGH
Stored Cross Site Scripting (XSS)
CWE: 79
Product Name: Hospital Management System
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CVE: CVE-2024-29412
CPE: a:code-projects:hospital_management_system:1.0
Platforms Tested: Windows 10
2024

Hospital Management System v1.0 – Stored Cross Site Scripting (XSS)

Hospital Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) due to insufficient input validation. An attacker can execute malicious code by injecting a crafted payload into parameters such as 'patient_id', 'first_name', 'middle_initial', and 'last_name' in the 'receptionist.php' component.

Mitigation:

To mitigate this vulnerability, input validation should be implemented to sanitize user inputs and prevent the execution of scripts. Additionally, encoding user-supplied data before displaying it can help prevent XSS attacks.
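
One way to apply both mitigations to the four fields named above, shown as an added example (not code from Hospital Management System or from the advisory). The function names, validation rules and sample record are assumptions.

```php
<?php
// Added example. Function names, validation rules and the sample record are
// assumptions; this is not the application's own code.

// Allow-list validation per field, applied before a value is stored.
function validate_patient(array $in): array
{
    $rules = [
        'patient_id'     => '/^[0-9]{1,10}$/',
        'first_name'     => "/^[\\p{L}][\\p{L} '.-]{0,49}$/u",
        'middle_initial' => '/^\\p{L}?$/u',
        'last_name'      => "/^[\\p{L}][\\p{L} '.-]{0,49}$/u",
    ];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = trim((string)($in[$field] ?? ''));
        if (preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Output encoding for HTML text and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed record standing in for a row stored before validation existed.
$stored = ['patient_id' => '17', 'first_name' => '"><script>alert(\'1\')</script>'];

// Vulnerable pattern: the stored value is echoed raw and closes the attribute.
$unsafe = '<input name="first_name" value="' . $stored['first_name'] . '">';

// Hardened pattern: the same value is encoded at the point of output.
$safe = '<input name="first_name" value="' . e($stored['first_name']) . '">';

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// Validation rejects the same value at the point of input.
try {
    validate_patient($stored + ['middle_initial' => '', 'last_name' => 'Doe']);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), PHP_EOL;
}
```

Encoding at output is the control that neutralises records already in the database; validation at input only limits what can be stored from now on.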

Exploit-DB raw data:

# Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
# Google Dork: NA
# Date: 28-03-2024
# Exploit Author: Sandeep Vishwakarma
# Vendor Homepage: https://code-projects.org
# Software Link: https://code-projects.org/hospital-management-system-in-php-css-javascript-and-mysql-free-download/
# Version: v1.0
# Tested on: Windows 10
# CVE : CVE-2024-29412
# Description: Stored Cross Site Scripting vulnerability in Hospital Management System - v1.0 allows an attacker to execute arbitrary code via a crafted payload to the 'patient_id', 'first_name', 'middle_initial', 'last_name' in /receptionist.php component.

# POC:
1. Go to the User Login page: "http://localhost/HospitalManagementSystem-gh-pages/"
2. Login with "r1" ID which is redirected to "http://localhost/HospitalManagementSystem-gh-pages/receptionist.php" endpoint.
3. In Patient information functionality add this payload "><script>alert('1')</script> in all parameters.
4. Click on submit.

# Reference:
https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29412.md