CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.

Add Doctor info payload to Doctor Name of Add Doctor page to target /admin-panel1.php ,then use burpsuite get requests datas,change the 'doctor' parameter to xss payload: `<sCrIpT>alert(1234)</ScRiPt>`

Add Doctor info payload to Doctor Name of Add Doctor page to target /admin-panel1.php ,then use burpsuite get requests datas,change the 'doctor' parameter to xss payload: `<sCrIpT>alert(1234)</ScRiPt>`

![xss-1](https://user-images.githubusercontent.com/95869214/153761354-eaff36cc-c182-4e08-babc-7ac0b7516741.png)

![xss-2](https://user-images.githubusercontent.com/95869214/153761371-1f180369-651b-4a8a-8ca6-3263a11f4e3b.png)  
Proof of concept (Poc)：

<sCrIpT>alert(1234)</ScRiPt>

CVE-2022-25407: Persistent cross-site scripting (XSS) in  targeted towards web admin through /admin-panel1.php  at via the parameter doctor. · Issue #21 · kishan0725/Hospital-Management-System

Headline

CVE-2022-25407: Persistent cross-site scripting (XSS) in targeted towards web admin through /admin-panel1.php at via the parameter doctor. · Issue #21 · kishan0725/Hospital-Management-System

CVE: Latest News