Campcodes Online Hospital Management System Cross-Site Scripting Vulnerability in Patient Search Module
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Campcodes Online Hospital Management System version 1.0. The issue arises in the Patient Search Module, specifically within the file '/admin/patient-search.php'. The vulnerability is triggered by manipulating the 'Search by Name Mobile No' argument, allowing for the injection of malicious scripts. This issue can be exploited remotely and requires user interaction.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser session. This could lead to theft of cookies, session hijacking, or other malicious actions.
Reproduction
To reproduce this vulnerability, navigate to the Patient Search module in the admin panel. Enter a payload script into the 'Search by Name Mobile No' field. Upon submission, the injected script will be executed, demonstrating the cross-site scripting vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.