Campcodes Online Hospital Management System Cross-Site Scripting Vulnerability in Edit Profile Page
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Campcodes Online Hospital Management System version 1.0. The issue arises in the Edit Profile Page, specifically within the '/edit-profile.php' file. The vulnerability is triggered by manipulating the 'Username' argument, allowing for the injection and execution of malicious scripts. This issue can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser. This could lead to the theft of session tokens, unauthorized actions, or compromise of user accounts.
Reproduction
To reproduce this vulnerability, navigate to the Edit Profile Page of the Campcodes Online Hospital Management System version 1.0. Manipulate the 'Username' field by injecting a script or malicious payload. Once the profile is saved, the injected script will execute, demonstrating the cross-site scripting vulnerability.
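The defensive counterpart to the behaviour described above is shown here as an added example; it is not code from the Campcodes application, whose source is not shown on this page. It assumes the saved value is echoed back into a form field named `Username`; the helper names and the allow-list policy are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the Campcodes code base.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow-list check applied when the profile is saved (assumed policy). */
function is_valid_username(string $value): bool
{
    return preg_match('/\A[\p{L}\p{N} ._\'-]{1,64}\z/u', $value) === 1;
}

/** Unsafe pattern: the stored value is concatenated straight into markup. */
function render_field_unsafe(string $username): string
{
    return '<input type="text" name="Username" value="' . $username . '">';
}

/** Hardened pattern: the value is encoded at the point of output. */
function render_field_safe(string $username): string
{
    return '<input type="text" name="Username" value="' . h($username) . '">';
}

// Constructed sample values: one ordinary name, one carrying markup.
$samples = ["Anna O'Neil", '"><script>/* constructed marker */</script>'];

foreach ($samples as $s) {
    printf("input:   %s\n", $s);
    printf("valid:   %s\n", is_valid_username($s) ? 'yes' : 'no');
    printf("unsafe:  %s\n", render_field_unsafe($s));
    printf("encoded: %s\n\n", render_field_safe($s));
}
```

Encoding on output is the control that closes the issue; the allow-list on save only narrows what can be stored and should not be relied on alone.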
