FirstBlood-#1268 — Stored XSS at meet_drs.php
This issue was discovered on FirstBlood v3
On 2022-12-09, ayush1098 reported:
I have found a Stored XSS on the /meet_drs.php endpoint in the name parameter. There is a filter which works when we close the tag; if we don't close the tag, the payload will be executed on
Steps To Reproduce:
drpanel/edit-doctor.php?id=4 endpoint and put this payload in the name parameter.
The payload will be executed on
Cookie Stealing, Session Hijacking etc.
Thanks & Regards
FirstBlood ID: 54
Vulnerability Type: Stored XSS
It is possible to achieve stored XSS on the /meet_drs.php endpoint via a malicious doctor's name.
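
The filter behaviour described in the report, shown next to output encoding as the fix. This is an added example, not code from the report or from FirstBlood: the regex filter, the template fragment and the sample names are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the filter the report describes (the real
// FirstBlood filter is not shown): it removes only complete "<...>" pairs.
function strip_closed_tags(string $name): string
{
    return preg_replace('/<[^>]*>/', '', $name) ?? '';
}

// Mitigation: encode at output time, so markup characters in stored data are
// rendered as text whether or not a tag was ever closed.
function encode_for_html(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical template fragment for one doctor entry on the listing page.
function render_card(string $preparedName): string
{
    return '<h3>Dr. ' . $preparedName . '</h3>';
}

// Constructed sample names (not the payload from the report).
$samples = [
    'plain'    => 'Jane Doe',
    'closed'   => '<img src=x onerror=console.log(1)>',
    'unclosed' => '<img src=x onerror=console.log(1) ',
];

foreach ($samples as $label => $name) {
    // Filter only: the unclosed sample contains no "<...>" pair, so it is
    // stored unchanged and the ">" of the template's own "</h3>" ends up
    // closing the tag when the browser parses the page.
    printf("%-8s filter : %s\n", $label, render_card(strip_closed_tags($name)));

    // Encoded: "<" becomes "&lt;", so no tag can start inside the name.
    $encoded = encode_for_html($name);
    printf("%-8s encode : %s\n", $label, render_card($encoded));

    // Regression check: encoded names must never carry raw markup characters.
    if (strpbrk($encoded, '<>"\'') !== false) {
        throw new RuntimeException("raw markup survived encoding: $label");
    }
}
```

Run with `php` on the command line and compare the two output lines for the unclosed sample: the filtered line still carries a raw `<img`, while the encoded line contains only `&lt;img`.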