CVE-2022-36547

MEDIUM LAB

Edoc-doctor-appointment-system v1.0.1 - XSS

Title source: llm

Description

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://github.com/HashenUdara/edoc-doctor-appointment-system

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20%28XSS%29.md

View Writeup ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0025

EPSS Percentile 47.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull mariadb:10.5

https://github.com/onEpAth936/cve

https://github.com/HashenUdara/edoc-doctor-appointment-system

View in Library

Details

CWE

CWE-79

Status published

Products (1)

hashenudara/edoc-doctor-appointment-system 1.0.1

Published Aug 26, 2022

Tracked Since Feb 18, 2026