PHPGurukul Hospital Management System
cpe:2.3:a:phpgurukul:hospital_management_system:*:*:*:*:*:*:*
- 4.0
A stored Cross-Site Scripting (XSS) vulnerability exists in PHPGurukul Hospital Management System version 4.0. The issue is located in the '/hospital/hms/edit-profile.php' page, where an authenticated attacker (a patient) can inject a malicious script into the User Name parameter. The injected script is saved by the application and later executed in the doctor's interface, potentially leading to session hijacking and account takeover.
Exploitation of this vulnerability allows for session hijacking and unauthorized access to the accounts of doctors, along with the associated sensitive information.
To reproduce this vulnerability, log in as an authenticated patient and go to '/hospital/hms/edit-profile.php'. Inject a script payload into the User Name parameter, which will be stored and later executed. After injecting the payload, navigate to '/hospital/hms/book-appointment.php' and create an appointment with a doctor to ensure the payload is executed. Then, log in as a doctor and access the appointment history, where the injected script will execute and steal the session cookie. This cookie can be used to hijack the doctor's session and access their account.
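The mitigation for the flaw described above, as an added example that is not taken from the HMS code base: the stored User Name is validated when the profile is saved, HTML-encoded wherever it is rendered, and the session cookie is marked HttpOnly so page scripts cannot read it. The function names, the `patient_name` key and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not code from the HMS project. Function names, the
// 'patient_name' key and the sample rows are assumptions.
declare(strict_types=1);

// 1. Keep the session cookie out of reach of page scripts (document.cookie).
function hardened_session_cookie_params(): array
{
    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

// 2. Validate on write (profile update): allow-list of name characters.
function validate_user_name(string $raw): ?string
{
    $name = trim($raw);
    $ok = preg_match('/^[\p{L}\p{M}\p{N} .\'\-]{1,64}$/u', $name) === 1;
    return $ok ? $name : null;   // null: reject the update
}

// 3. Encode on output: every view that prints the stored name goes through this.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI !== 'cli') {
    session_set_cookie_params(hardened_session_cookie_params());
    session_start();
}

// Constructed rows standing in for what an appointment list would read back.
$rows = [
    ['patient_name' => "Anne O'Neil"],
    ['patient_name' => '<script>/* constructed */</script>'],
];
foreach ($rows as $row) {
    $verdict = validate_user_name($row['patient_name']) === null ? 'rejected' : 'accepted';
    echo '<td>' . e($row['patient_name']) . '</td> <!-- on write: ' . $verdict . " -->\n";
}
```

Output encoding is the control that closes the hole, because it also neutralises values stored before validation was added; the allow-list and the HttpOnly flag limit what gets stored and what a script that slips through can reach.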