CVE-2022-36203 - OpenCVE

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Doctor\'s Appointment System Project	Doctor\'s Appointment System

Configuration 1 [-]

cpe:2.3:a:doctor\'s_appointment_system_project:doctor\'s_appointment_system:1.0:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
https://github.com/aznull/CVEs	Third Party Advisory
https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-31T20:36:08

Updated: 2022-09-01T17:06:16

Reserved: 2022-07-18T00:00:00

Link: CVE-2022-36203

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-31T21:15:08.813

Modified: 2022-09-06T17:36:48.890

Link: CVE-2022-36203

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aznull/CVEs"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36203", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html", "refsource": "MISC", "url": "https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html"}, {"name": "https://github.com/aznull/CVEs", "refsource": "MISC", "url": "https://github.com/aznull/CVEs"}, {"name": "http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36203", "datePublished": "2022-08-31T20:36:08", "dateReserved": "2022-07-18T00:00:00", "dateUpdated": "2022-09-01T17:06:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}