CVE-2022-22853: GitHub - Dheeraj-Deshmukh/stored-xss-in-Hospital-s-Patient-Records-Management-System
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field.
Proof of concept:
Step 1: Log in to the application
Step 2: Go to the user list option
Step 3: Click on add new user
Step 4: Add an XSS payload in the firstname field and save it
Step 5: Now visit the user list, where we see that our payload executed successfully.
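
The steps above work because the stored firstname is written into the user list page without output encoding. The following is an added example, not code from the application or from the advisory author: a minimal Python model of the store-then-render flow showing the unencoded rendering beside a hardened one, plus a check for stored names that contain markup. The table schema, function names and sample value are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed test value standing in for the "xss payload" of Step 4.
SAMPLE_FIRSTNAME = "<script>alert(1)</script>"

def make_db():
    """In-memory stand-in for the application's user table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)")
    return db

def add_user(db, firstname, lastname):
    # Parameterised insert: the value is stored verbatim, which is fine.
    # Stored XSS is an output-encoding problem, not a storage problem.
    db.execute("INSERT INTO users (firstname, lastname) VALUES (?, ?)", (firstname, lastname))

def render_user_list_vulnerable(db):
    """Models the flaw: stored values are concatenated into HTML unencoded."""
    rows = db.execute("SELECT firstname, lastname FROM users ORDER BY id")
    return "".join(f"<tr><td>{f}</td><td>{l}</td></tr>" for f, l in rows)

def render_user_list_hardened(db):
    """Encodes every stored value for the HTML context at render time."""
    rows = db.execute("SELECT firstname, lastname FROM users ORDER BY id")
    return "".join(
        f"<tr><td>{html.escape(f, quote=True)}</td><td>{html.escape(l, quote=True)}</td></tr>"
        for f, l in rows
    )

def find_unencoded_markup(db):
    """Audit helper: list stored first names that contain <, > or &."""
    rows = db.execute("SELECT id, firstname FROM users ORDER BY id")
    return [(i, f) for i, f in rows if html.escape(f, quote=False) != f]

if __name__ == "__main__":
    db = make_db()
    add_user(db, "Alice", "Smith")
    add_user(db, SAMPLE_FIRSTNAME, "Test")
    print("vulnerable:", render_user_list_vulnerable(db))
    print("hardened:  ", render_user_list_hardened(db))
    print("flagged:   ", find_unencoded_markup(db))
```

Encoding at render time protects every page that displays the value, including records that were stored before the fix; the audit helper is useful for finding such records.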