Vendor: Smart Hospital
By: Kislay Kumar
CVSS: 8.8 (HIGH)
Vulnerability type: Stored XSS
CWE: 79
Product Name: Smart Hospital
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:smart_hospital:smart_hospital:3.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
Year: 2020

Smart Hospital 3.1 – “Add Patient” Stored XSS

Smart Hospital 3.1 is vulnerable to stored XSS. An attacker can exploit this vulnerability by logging in to the application with Super Admin credentials, clicking "OPD-Out Patient", then "Add Patient", and then selecting "Add Patient" again. The attacker can then insert the payload `"><svg/onmouseover=alert(1)>` in the Name, Guardian Name, Email, Address, Remarks and Any Known Allergies fields and save the record. When a user moves the mouse over the patient profile details, an alert box is shown.

Mitigation:

Input validation should be performed server-side to prevent malicious markup from being stored in the application, and the application should be configured so that stored values cannot execute as script when they are displayed.
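Output encoding for the fields the advisory names, as an added example (not code from Smart Hospital, whose source is not shown on this page): the unencoded rendering that lets the quoted payload become markup, the HTML-encoded version beside it, and a triage check for records that already contain markup. The field names, the choice of Python, and the sample record are assumptions made for this example.

```python
import html
import re

# Patient fields the advisory lists as affected. The keys are assumptions;
# the page names the fields in prose only.
PATIENT_TEXT_FIELDS = ("name", "guardian_name", "email", "address", "remarks", "known_allergies")

# The payload quoted in the advisory, used here as constructed test input.
ADVISORY_PAYLOAD = '"><svg/onmouseover=alert(1)>'


def render_patient_profile_unsafe(record: dict) -> str:
    """Vulnerable pattern: stored values are interpolated into HTML as-is."""
    rows = [
        f'<tr><td>{field}</td><td data-field="{record.get(field, "")}">{record.get(field, "")}</td></tr>'
        for field in PATIENT_TEXT_FIELDS
    ]
    return "<table>" + "".join(rows) + "</table>"


def escape_html(value: str) -> str:
    """Encode a value for an HTML text node or double-quoted attribute.
    quote=True also encodes '"', so a value cannot close the attribute."""
    return html.escape(str(value), quote=True)


def render_patient_profile(record: dict) -> str:
    """Hardened rendering: every stored value is HTML-encoded at output time."""
    rows = []
    for field in PATIENT_TEXT_FIELDS:
        safe = escape_html(record.get(field, ""))
        rows.append(f'<tr><td>{escape_html(field)}</td><td data-field="{safe}">{safe}</td></tr>')
    return "<table>" + "".join(rows) + "</table>"


# Triage heuristic for records already in the database: a tag opener or an
# on*= event handler inside a free-text patient field is worth a manual look.
_MARKUP_RE = re.compile(r"<\s*[a-zA-Z!/]|\bon[a-z]+\s*=", re.IGNORECASE)


def find_suspicious_fields(record: dict) -> list:
    """Return the names of fields whose stored value looks like HTML markup."""
    return [f for f in PATIENT_TEXT_FIELDS if _MARKUP_RE.search(str(record.get(f, "")))]
```

The heuristic is for prioritising review of existing rows, not a substitute for encoding; ordinary text such as "reason=" would also match and needs a human to clear it.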
Source (Exploit-DB raw data):

# Exploit Title:  Smart Hospital 3.1 - "Add Patient" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage: https://smart-hospital.in/index.html
# Software Link: https://codecanyon.net/item/smart-hospital-hospital-management-system/23205038
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Log in to the application with Super Admin credentials.

Step 2. Click on "OPD-Out Patient", then click on "Add Patient", then select "Add Patient" again.

Step 3. Insert the payload `"><svg/onmouseover=alert(1)>` in Name, Guardian Name, Email, Address, Remarks and Any Known Allergies, and save it.

Step 4. The patient profile will now open; when your cursor moves around the profile details, an alert box is shown.