CVE-2021-25791 Information

Description

Multiple stored cross site scripting (XSS) vulnerabilities in the �pdate Profile\ module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name Last Name and Address text fields.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.exploit-db.com/exploits/49396 https://www.sourcecodester.com https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4