CVE-2023-1036

🗓️ 26 Feb 2023 11:49:57Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 75 Views🌐 WEB

Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 allows remote attackers to initiate cross-site scripting via manipulation of the firstname argument in /APR/signup.php (CVE-2023-1036)

Reporter	Title	Published	Views	Family All 9
CNNVD	Dental Clinic Appointment Reservation System 跨站脚本漏洞	26 Feb 202300:00	–	cnnvd
Cvelist	CVE-2023-1036 SourceCodester Dental Clinic Appointment Reservation System POST Parameter signup.php cross site scripting	26 Feb 202311:49	–	cvelist
EUVD	EUVD-2023-23327	3 Oct 202520:07	–	euvd
NVD	CVE-2023-1036	26 Feb 202312:15	–	nvd
OSV	CVE-2023-1036	26 Feb 202312:15	–	osv
Prion	Cross site scripting	26 Feb 202312:15	–	prion
Positive Technologies	PT-2023-1563 · Sourcecodester · Dental Clinic Appointment Reservation System	26 Feb 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-1036	23 May 202502:57	–	redhatcve
Vulnrichment	CVE-2023-1036 SourceCodester Dental Clinic Appointment Reservation System POST Parameter signup.php cross site scripting	26 Feb 202311:49	–	vulnrichment

NVD

Vulners

Node

dental_clinic_appointment_reservation_system_project dental_clinic_appointment_reservation_systemMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Dental Clinic Appointment Reservation System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "POST Parameter Handler"
    ]
  }
]

Source	Link
github	www.github.com/nightcloudos/bug_report/blob/main/vendors/jkev/Dental%20Clinic%20Appointment%20Reservation%20System/XSS-1.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
firstname	request body	/APR/signup.php	Cross-site scripting via POST parameter firstname in /APR/signup.php (SourceCodester Dental Clinic Appointment Reservation System 1.0).	CWE-79

21 Nov 2024 07:38Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.3 - 6.1

CVSS 25

CVSS 34.3

EPSS0.00303

SSVC

CWE-79