CodeAstro Simple Hospital Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in CodeAstro Simple Hospital Management System version 1.0. The issue resides in the POST parameter handler of the /doctor.html file, where user input in the First Name, Last Name, and Address fields is not properly sanitized. This allows attackers to inject malicious scripts that are executed when the page is accessed. The vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, send a POST request to the /doctor.html file with injected JavaScript in the First Name, Last Name, or Address fields. The injected script will be executed when the page is viewed, demonstrating the cross-site scripting vulnerability.