CVE-2021-30044

MEDIUM

Remote Clinic 2.0 - Stored Cross-Site Scripting via Staff Registration First or Last Name Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-30044. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in RemoteClinic 2 by automating login and injecting malicious JavaScript payloads into form fields. It uses Selenium to interact with the web application and trigger the XSS via crafted input.

Description

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · pythonwebappsphp
https://www.exploit-db.com/exploits/49781

This exploit demonstrates a stored XSS vulnerability in RemoteClinic 2 by automating login and injecting malicious JavaScript payloads into form fields. It uses Selenium to interact with the web application and trigger the XSS via crafted input.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: RemoteClinic 2
Auth required
Prerequisites: Valid credentials for RemoteClinic · Selenium WebDriver · Chrome/Firefox/Safari browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/remoteclinic/RemoteClinic/issues/13
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162262/RemoteClinic-2-Cross-Site-Scripting.html

Scores

CVSS v3 5.4
EPSS 0.0177
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
remoteclinic/remote_clinic 2.0
Published Apr 13, 2021
Tracked Since Feb 18, 2026