ByteOS Network

NVD Vulnerability Details :

CVE-2022-36203

Analyzed

Source-cve@mitre.org

Published At-31 Aug, 2022 | 21:15

Updated At-06 Sep, 2022 | 17:36

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPE Matches

doctor\'s_appointment_system_project>>doctor\'s_appointment_system>>1.0

cpe:2.3:a:doctor\'s_appointment_system_project:doctor\'s_appointment_system:1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html	cve@mitre.org	Exploit Third Party Advisory VDB Entry
https://github.com/aznull/CVEs	cve@mitre.org	Third Party Advisory
https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html	cve@mitre.org	Product

Hyperlink: http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/aznull/CVEs

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html

Source: cve@mitre.org

Resource:

Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History