CVE-2023-6425
MEDIUMBigProf Online Clinic Management System 2.2 - XSS
Title source: llmDescription
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Rafael Pedrero · textwebappsphp
https://www.exploit-db.com/exploits/51439
Scores
CVSS v3
6.3
EPSS
0.0017
EPSS Percentile
38.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-79
Status
published
Products (1)
bigprof/online_clinic_management_system
2.2
Published
Nov 30, 2023
Tracked Since
Feb 18, 2026