CVE-2021-42869: Chikitsa 2.0.2 XSS vulnerability

A stored Cross Site Scripting (XSS) vulnerability exists in Chikitsa Patient Management Software 2.0.2 via the last_name parameter of (1) /patient/insert; the stored value is rendered unescaped on the (2) /patient/patient_report, (3) /appointment/appointment_report, (4) /patient/visit_report, and (5) /patient/bill_detail_report pages.


Vulnerability found in Chikitsa by “HAXSS”, a Reinforcement Learning agent for Cross Site Scripting (XSS) testing.

Description:

The “Last Name” field of the “/patient/insert” page of Chikitsa 2.0.2 is subject to a stored Cross Site Scripting (XSS) vulnerability. The value is saved without sanitisation and rendered without output encoding on multiple pages: /patient/patient_report, /appointment/appointment_report, /patient/visit_report and /patient/bill_detail_report. An authenticated user can therefore send a single POST request that injects JavaScript or HTML into every one of those report pages, where it runs in the browser of any other user who views them.

Known Payloads:

  • </script><style onload=alert(token)> </style>
  • ></script><script> onerror=alert(token)</script>

Steps to Reproduce:

1. Log in to the admin panel (/index.php/login/index).

2. From the dashboard, navigate to the Add Patient page (/patient/insert).

3. Set the “Last Name” field to one of the payloads above.

4. Save the patient record.

5. Navigate to any of /patient/patient_report, /appointment/appointment_report, /patient/visit_report or /patient/bill_detail_report; the payload executes when the page renders.
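The steps above are manual. The following Python script is an added example (not part of the advisory, and not Chikitsa code) that automates step 5 and, more importantly, tells the difference between a page that echoes the stored last name raw and one that HTML-encodes it, which is what a fixed build should do. The page list and payloads are taken from the advisory; the HTTP responses embedded below are constructed stand-ins for an authenticated session's GETs, so the script runs offline. In real use, pass a `fetch` callable that wraps an authenticated `requests.Session().get(...)` and returns `.text`.

```python
import html
from typing import Callable, Dict, List

# Pages the advisory lists as rendering the stored last_name value.
REPORT_PAGES = [
    "/patient/patient_report",
    "/appointment/appointment_report",
    "/patient/visit_report",
    "/patient/bill_detail_report",
]


def known_payloads(token: str) -> List[str]:
    """The two payloads from the advisory, parameterised with a per-run token.

    A unique token lets a hit be attributed to this test run rather than to
    markup that was already on the page.
    """
    return [
        f"</script><style onload=alert({token})> </style>",
        f"></script><script> onerror=alert({token})</script>",
    ]


def classify_reflection(body: str, payload: str) -> str:
    """Classify how a stored value came back in a rendered page.

    Returns one of:
      "unescaped" - the payload appears verbatim, so its markup is live (vulnerable)
      "escaped"   - only the HTML-entity-encoded form appears (correct output encoding)
      "absent"    - the value is not on this page at all
    Partial encoding (e.g. only '<' encoded) is treated as "absent" by this
    simple check; a full audit would also look for that case.
    """
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "escaped"
    return "absent"


def audit_pages(fetch: Callable[[str], str], pages: List[str], payload: str) -> Dict[str, str]:
    """Fetch each report page through the caller-supplied session and classify it."""
    return {page: classify_reflection(fetch(page), payload) for page in pages}


def vulnerable_pages(results: Dict[str, str]) -> List[str]:
    """Pages on which the stored value rendered as live markup."""
    return [page for page, verdict in results.items() if verdict == "unescaped"]


# Constructed sample responses (assumption: not captured from Chikitsa). Two
# pages echo the stored value raw, one has been patched to HTML-encode it, and
# one does not show the patient at all.
TOKEN = "xss42"
PAYLOAD = known_payloads(TOKEN)[0]
_FAKE_SERVER = {
    "/patient/patient_report": f"<td>Doe</td><td>{PAYLOAD}</td>",
    "/appointment/appointment_report": f"<td>{PAYLOAD}</td>",
    "/patient/visit_report": f"<td>{html.escape(PAYLOAD)}</td>",
    "/patient/bill_detail_report": "<p>No bills for this patient</p>",
}


def fake_fetch(path: str) -> str:
    """Stand-in for an authenticated GET against the target."""
    return _FAKE_SERVER[path]


def demo() -> Dict[str, str]:
    """Run the audit against the constructed responses."""
    return audit_pages(fake_fetch, REPORT_PAGES, PAYLOAD)


if __name__ == "__main__":
    for page, verdict in demo().items():
        print(f"{verdict:>9}  {page}")
```

The "escaped" verdict is the shape of the fix: the value must be entity-encoded at the point where each report page renders it (the same transform `html.escape` applies here), not merely filtered on input, because the same stored field feeds four different templates.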
