CVE-2021-30030

MEDIUM

Remote Clinic 2.0 - Stored Cross-Site Scripting via Full Name Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-30030.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple stored XSS vulnerabilities in RemoteClinic 2.0. It provides step-by-step reproduction steps for each vulnerability, including specific fields and payloads, but does not include functional exploit code.

Description

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/49795

This is a detailed technical writeup describing multiple stored XSS vulnerabilities in RemoteClinic 2.0. It provides step-by-step reproduction steps for each vulnerability, including specific fields and payloads, but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: RemoteClinic 2.0
Auth required
Prerequisites: Valid doctor account credentials · Access to the application's registration and input forms
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/remoteclinic/RemoteClinic/issues/1
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162291/RemoteClinic-2.0-Cross-Site-Scripting.html

Scores

CVSS v3 5.4
EPSS 0.0177
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
remoteclinic/remote_clinic 2.0
Published Apr 13, 2021
Tracked Since Feb 18, 2026