Vulnerability Details CVE-2022-36203
Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.7%
CVSS Severity
CVSS v3 Score 6.1
References
- http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html
- https://github.com/aznull/CVEs
- https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
- http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html
- https://github.com/aznull/CVEs
- https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
Products affected by CVE-2022-36203
-
cpe:2.3:a:doctor's_appointment_system_project:doctor's_appointment_system:1.0