Cross-Site Scripting (XSS) in Appointment Management System (CVE-2024-48807)

I discovered a CVE in an open-source product and below are the details for it.

Product: Doctor Appointment Management System — 1.0

Issue: The Appointment Management System is vulnerable to XSS, as it allows attackers to execute malicious JavaScript.

CVE Number: CVE-2024-48807

Steps:

1. After logging into the application, go to search.

2. In the search tab, inject an XSS payload and notice that it executes successfully, confirming the application is vulnerable to XSS.

Happy hunting! 😊
