CVE-2022-37150: GitHub - Fjowel/CVE-2022-37150: Online Diagnostic Lab Management System Stored XSS
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email and contact parameters.
CVE-2022-37150
Online Diagnostic Lab Management System Stored XSS
Vul name: odlms stored xss
Affected Product: Online Diagnostic Lab Management System v1.0
Affected or fixed version(s): At present, the manufacturer has not released an upgrade patch to fix this security problem.
Vul Type: Cross-site scripting
Impact: An attacker can use the vulnerability to execute arbitrary JavaScript, which can lead to cookie disclosure, script injection and phishing.
vul page: /fw.login.php
vul param: firstname, address, middlename, lastname, gender, email, contact
payload:
Source Code: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html
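
Since no vendor patch is available, the following added example (not code from ODLMS or from this repository) shows one way to handle the seven listed parameters in PHP 8: validate on input and HTML-encode on output. The function names, the validation rules and the sample record are assumptions made for illustration.

```php
<?php
// Added example, not ODLMS code. Names and validation rules are assumptions.

// The seven parameters the advisory lists as affected.
const PROFILE_FIELDS = ['firstname', 'middlename', 'lastname', 'gender',
                        'email', 'contact', 'address'];

// Encode at output time so stored markup is rendered as inert text.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate on input. Returns [accepted values, names of rejected fields].
// Validation narrows what gets stored; it does not replace output encoding,
// because free-text fields such as address must still accept punctuation.
function validate_profile(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (PROFILE_FIELDS as $field) {
        $value = trim((string)($input[$field] ?? ''));
        $ok = match ($field) {
            'email'   => filter_var($value, FILTER_VALIDATE_EMAIL) !== false,
            'gender'  => in_array($value, ['Male', 'Female', 'Other'], true),
            'contact' => preg_match('/^\+?[0-9 ()-]{7,20}$/', $value) === 1,
            default   => $value !== '' && strlen($value) <= 255,
        };
        if ($ok) { $clean[$field] = $value; } else { $errors[] = $field; }
    }
    return [$clean, $errors];
}

// Render a stored record. Every field passes through e(), whether or not
// validation ran when the record was saved (older rows may predate it).
function render_profile(array $row): string
{
    $html = "<table>\n";
    foreach (PROFILE_FIELDS as $field) {
        $html .= '<tr><th>' . e($field) . '</th><td>'
               . e((string)($row[$field] ?? '')) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample record with markup characters in two free-text fields.
$row = ['firstname' => '<b>Ann</b>', 'middlename' => 'Q', 'lastname' => 'Lee',
        'gender' => 'Female', 'email' => 'ann@example.test',
        'contact' => '+1 555 0100', 'address' => '12 "Main" <St>'];
echo render_profile($row);
```

In the output the sample's angle brackets and quotes appear as `&lt;`, `&gt;` and `&quot;`, so the browser displays them as text instead of parsing them as markup.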