RemoteClinic 2.0 Cross Site Scripting

22 Apr 2021 | Reported by Saud Ahmad | Type: packetstorm | Source: packetstormsecurity.com

RemoteClinic 2.0 Multiple Stored Cross-Site Scripting (XSS)

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | RemoteClinic 2.0 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability | 22 Apr 2021 00:00 | zdt |
| Circl | CVE-2021-30030 | 22 Apr 2021 11:28 | circl |
| Circl | CVE-2021-30034 | 22 Apr 2021 11:28 | circl |
| Circl | CVE-2021-30039 | 22 Apr 2021 11:28 | circl |
| Circl | CVE-2021-30042 | 22 Apr 2021 11:28 | circl |
| CNNVD | Saad Irfan RemoteClinic cross-site scripting vulnerability | 12 Apr 2021 00:00 | cnnvd |
| CNNVD | Saad Irfan RemoteClinic cross-site scripting vulnerability | 12 Apr 2021 00:00 | cnnvd |
| CNNVD | Saad Irfan RemoteClinic cross-site scripting vulnerability | 12 Apr 2021 00:00 | cnnvd |
| CNNVD | Saad Irfan RemoteClinic cross-site scripting vulnerability | 12 Apr 2021 00:00 | cnnvd |
| CNVD | Remote Clinic Cross-Site Scripting Vulnerability (CNVD-2021-28261) | 13 Apr 2021 00:00 | cnvd |
```
# Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 13/04/2021
# Exploit Author: Saud Ahmad
# Vendor Homepage: https://remoteclinic.io/
# Software Link: https://github.com/remoteclinic/RemoteClinic
# Version: 2.0
# Tested on: Windows 10
# CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042

#Steps to Reproduce:

1) Log in to the application as Doctor.
2) Register a patient with the XSS payload in the Full Name field: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
3) After registering the patient, go to the "Patients" endpoint.
4) XSS executed.

For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/1

#Steps to Reproduce:

1) Log in to the application as Doctor.
2) Register a patient.
3) After registering the patient, the page redirects to the Register Report page.
4) Enter the XSS payload in the "Symptoms" field: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
5) After registering the report, click Home, which is the "dashboard" endpoint.
6) XSS executed.

For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/5

#Steps to Reproduce:

1) Log in to the application as Doctor.
2) Register a patient.
3) After registering the patient, the page redirects to the Register Report page.
4) Scroll down the page to the two fields "Fever" and "Blood Pressure"; both are vulnerable to XSS. Inject the XSS payload in both fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
5) After registering the report, click Home.
6) Now click on Report; XSS executed.

For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/8

#Steps to Reproduce:

1) Log in to the application as Doctor.
2) Register a new clinic.
3) There are four fields: "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact". All are vulnerable to XSS.
4) Inject the XSS payload in all fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
5) Now go to Clinic Directory.
6) Click on that clinic.
7) XSS executed.

For detailed PoC: https://github.com/remoteclinic/RemoteClinic/issues/11
```
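A regression check for the stored fields listed above, added here as an illustration (not code from the advisory or from RemoteClinic): it renders the advisory's test string into an element context and an attribute context, both raw and with output encoding, then parses the result to see whether any extra element or event handler appears. The templates and function names are assumptions.

```python
import html
from html.parser import HTMLParser

# Test string exactly as given in the advisory's reproduction steps.
PAYLOAD = 'XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>'

# Hypothetical templates standing in for a list page cell and an edit form field.
CELL = "<td>{v}</td>"
FIELD = '<input type="text" name="full_name" value="{v}">'

def render_unsafe(template, value):
    """Stored value interpolated as-is (the pattern behind stored XSS)."""
    return template.format(v=value)

def render_escaped(template, value):
    """Stored value HTML-encoded at output time; quote=True also encodes " and '."""
    return template.format(v=html.escape(value, quote=True))

class TagAudit(HTMLParser):
    """Collects every element and every on* event-handler attribute parsed."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

def audit(markup):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers

def injected_markup(template, render):
    """Elements and handlers present beyond what the template itself defines."""
    base_tags, _ = audit(template.format(v=""))
    tags, handlers = audit(render(template, PAYLOAD))
    extra = list(tags)
    for tag in base_tags:
        extra.remove(tag)
    return extra, handlers

if __name__ == "__main__":
    for name, tpl in (("cell", CELL), ("field", FIELD)):
        print(name, "unsafe :", injected_markup(tpl, render_unsafe))
        print(name, "escaped:", injected_markup(tpl, render_escaped))
```

The same check can be pointed at each field named in the advisory (Full Name, Symptoms, Fever, Blood Pressure and the four clinic fields) by swapping in the markup that a page emits for that field.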
