Cross Site Scripting (XSS) Vulnerability in Doctor's Appointment System 1.0 Allows Administrator Account Takeover

Cross Site Scripting (XSS) Vulnerability in Doctor's Appointment System 1.0 Allows Administrator Account Takeover

CVE-2022-36203 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.

Learn more about our Web Application Penetration Testing UK.