CVE-2022-36548

MEDIUM LAB

Edoc-doctor-appointment-system v1.0.1 - XSS

Title source: llm

Description

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://github.com/HashenUdara/edoc-doctor-appointment-system

View Writeup ZIP pw:eip

Broken Link, Exploit, Third Party Advisory x_refsource_misc

https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull mariadb:10.5

https://github.com/onEpAth936/cve

https://github.com/HashenUdara/edoc-doctor-appointment-system

View in Library

Details

CWE

CWE-79

Status published

Products (1)

hashenudara/edoc-doctor-appointment-system 1.0.1

Published Aug 26, 2022

Tracked Since Feb 18, 2026