CVE-2021-30034

MEDIUM

Remote Clinic 2.0 - Stored Cross-Site Scripting via Symptoms Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-30034.

AI-analyzed exploit summary This is a detailed writeup describing multiple stored XSS vulnerabilities in RemoteClinic 2.0, including steps to reproduce and references to GitHub issues. It does not contain functional exploit code but provides technical details about the vulnerabilities.

Description

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/49795

This is a detailed writeup describing multiple stored XSS vulnerabilities in RemoteClinic 2.0, including steps to reproduce and references to GitHub issues. It does not contain functional exploit code but provides technical details about the vulnerabilities.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: RemoteClinic 2.0
Auth required
Prerequisites: Valid credentials for a Doctor account in RemoteClinic
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/remoteclinic/RemoteClinic/issues/5
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162291/RemoteClinic-2.0-Cross-Site-Scripting.html

Scores

CVSS v3 5.4
EPSS 0.0177
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
remoteclinic/remote_clinic 2.0
Published Apr 13, 2021
Tracked Since Feb 18, 2026