CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php

  

@@ -0,0 +1,19 @@

# CVE-2022-22851

# Exploit Title: HPRMS - 'doctors' Stored XSS

# Exploit Author: (Sant268)

# Vendor Homepage: https://www.sourcecodester.com/

# Software Link: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html

# Version: HPRMS 1.0

# Tested on: Ubuntu 20, Apache

# CVE: CVE-2022-22851

  

\- Description:

A XSS issue in HPRMS v.1.0 allows remote attackers to inject JavaScript via /articles in the description parameter.

  

\- Payload used:

<img src =q onerror=prompt(8)>

  

\- Steps to reproduce:

1- Go to http://victim.com/admin/?page=doctors

2- Add a Doctor, paste the payload in specialisation

3- Alert will pop whenever the page is accessed.

Headline

CVE-2022-22851: Create CVE-2022-22851.md · Sant268/CVE-2022-22851@1738137

CVE-2022-22851

Exploit Title: HPRMS - ‘doctors’ Stored XSS

Exploit Author: (Sant268)

Vendor Homepage: https://www.sourcecodester.com/

Software Link: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html

Version: HPRMS 1.0

Tested on: Ubuntu 20, Apache

CVE: CVE-2022-22851

CVE: Latest News