CVE-2021-38152

2021-08-09T00:00:00
ID AKB:D274924A-0697-4AF3-869A-34844FC6CD0E
Type attackerkb
Reporter AttackerKB
Modified 2021-08-09T00:00:00

Description

CVE-mitre: index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
nu11secur1ty: XSS-Stored – Brutal PWNED on Chikitsa 2.0.0 parameter “name” + User: Unrestricted File Upload “.php”

Recent assessments:

nu11secur1ty at August 09, 2021 1:20pm UTC reported:

CVE-mitre: index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
nu11secur1ty: XSS-Stored – Brutal PWNED on Chikitsa 2.0.0 parameter “name” + User: Unrestricted File Upload “.php”

Reproduce:

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38152>

Proof:

<https://streamable.com/wbo5c1>

Assessed Attacker Value: 3
Assessed Attacker Value: 5