2 matches found
CVE-2023-6423 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
CVE-2023-6423
Summary: CVE-2023-6423 affects BigProf Online Clinic Management System 2.2, with a persistent XSS in the FirstRecord parameter of /clinic/events_view.php due to insufficient input encoding. This could allow an attacker to store JavaScript payloads that execute when the page loads. Affirmed detail...