CVE-2021-25791

MEDIUM

Online Doctor Appointment System Php Full Source Code - XSS

Title source: rule

Description

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.

Exploits (2)

exploitdb WRITEUP

by Mohamed habib Smidi · textwebappsphp

https://www.exploit-db.com/exploits/49396

View Code ZIP pw:eip

nomisec SUSPICIOUS 1 stars

by MrCraniums · poc

https://github.com/MrCraniums/CVE-2021-25791-Multiple-Stored-XSS

View Code ZIP pw:eip

References (3)

[Product] https://www.sourcecodester.com

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49396

[Product] https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html

Scores

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

online_doctor_appointment_system_php_full_source_code_project/online_doctor_appointment_system_php_full_source_code 1.0

Published Jul 23, 2021

Tracked Since Feb 18, 2026