CVE-2021-31327

MEDIUM

Remote Clinic 2.0 - Stored Cross-Site Scripting via Medicine Name Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-31327. PoCs published by Saud Ahmad.

AI-analyzed exploit summary: This is a detailed writeup describing multiple stored XSS vulnerabilities in RemoteClinic 2.0, with steps to reproduce each vulnerability. It does not contain executable exploit code but provides payload examples and references to GitHub issues.

Description

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.

Exploits (1)

exploitdb WRITEUP
by Saud Ahmad · text · webapps · php
https://www.exploit-db.com/exploits/49795

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: RemoteClinic 2.0
Auth required
Prerequisites: Valid doctor credentials · Access to vulnerable input fields
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/remoteclinic/RemoteClinic/issues/14

Scores

CVSS v3: 5.4
EPSS: 0.0166
EPSS Percentile: 73.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): remoteclinic/remote_clinic 2.0
Published: Apr 21, 2021
Tracked Since: Feb 18, 2026