fkie_cve-2022-36203
Vulnerability from fkie_nvd
Published
2022-08-31 21:15
Modified
2024-11-21 07:12
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.
References
cve@mitre.orghttp://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://github.com/aznull/CVEsThird Party Advisory
cve@mitre.orghttps://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.htmlProduct
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://github.com/aznull/CVEsThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.htmlProduct
Impacted products
Vendor Product Version
doctor\'s_appointment_system_project doctor\'s_appointment_system 1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:doctor\\\u0027s_appointment_system_project:doctor\\\u0027s_appointment_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7823F3E3-1620-422E-96A2-C2B4636CF5E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Doctor\u0027s Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS."
    },
    {
      "lang": "es",
      "value": "Doctors Appointment System versi\u00f3n 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del panel de administraci\u00f3n. Adem\u00e1s, conlleva a una toma de control de la cuenta de administrador mediante el robo de la cookie por medio de un ataque de tipo XSS"
    }
  ],
  "id": "CVE-2022-36203",
  "lastModified": "2024-11-21T07:12:36.097",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-31T21:15:08.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aznull/CVEs"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aznull/CVEs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.