Cross-Site Scripting (XSS) in Appointment Management System (CVE-2024-48807)
Oct 29, 2024
I discovered a CVE in an open-source product and below are the details for it.
Product: Doctor Appointment Management System — 1.0
Issue: The Appointment Management System is vulnerable to XSS, as it allows attackers to execute malicious JavaScript.
CVE Number: CVE-2024-48807
Steps:
1. After logging into the application, go to the search feature.
2. In the search tab, inject an XSS payload and notice that it executes successfully, confirming that the application is vulnerable to XSS.
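As an added illustration (not code from the advisory or from the product, whose implementation language the post does not name), the Python below contrasts the pattern behind this class of bug, a search page that reflects the query term into HTML verbatim, with the hardened form that encodes every untrusted value for the context it lands in. The parameter name `search`, the two render functions and the sample input are assumptions made for the example.

```python
import html

# Constructed sample input: markup typed into the search box. Only the
# harmless <b> tag is needed to show whether user input reaches the page
# as markup or as text.
SAMPLE_TERM = "<b>flu</b>"


def render_results_unsafe(term: str, results: list[str]) -> str:
    """'Before' form: the search term is concatenated into the HTML as-is,
    so any tag or quote the user supplies becomes part of the page
    (reflected XSS). Note the term lands in two contexts: element text and
    an attribute value."""
    items = "".join(f"<li>{r}</li>" for r in results)
    return (f'<h2>Results for "{term}"</h2>'
            f'<input name="search" value="{term}">'
            f"<ul>{items}</ul>")


def render_results_safe(term: str, results: list[str]) -> str:
    """Hardened form: every untrusted value is HTML-encoded before it is
    placed in the template. quote=True also encodes " and ', which is what
    keeps the attribute context of the search box from being broken out of."""
    safe_term = html.escape(term, quote=True)
    items = "".join(f"<li>{html.escape(r, quote=True)}</li>" for r in results)
    return (f'<h2>Results for "{safe_term}"</h2>'
            f'<input name="search" value="{safe_term}">'
            f"<ul>{items}</ul>")


def reflects_unencoded(term: str, renderer) -> bool:
    """Regression check a maintainer can keep in the test suite: does the
    rendered page still contain the raw term when that term carries markup
    characters? True means the renderer is still vulnerable."""
    if not any(c in term for c in '<>"\''):
        return False
    return term in renderer(term, [])


if __name__ == "__main__":
    print("unsafe reflects raw markup:", reflects_unencoded(SAMPLE_TERM, render_results_unsafe))
    print("safe reflects raw markup:  ", reflects_unencoded(SAMPLE_TERM, render_results_safe))
    print(render_results_safe(SAMPLE_TERM, ["Flu shot", "Flu follow-up"]))
```

Output encoding at the point the value is written into HTML is the fix; a Content-Security-Policy header is a useful second layer but does not replace it.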
Happy hunting! 😊