FirstBlood-#1757Stored xss in doctors bio via about.php
This issue was discovered on FirstBlood v3

On 2022-12-15, didsec Level 5 reported:

I have discovered a stored XSS vulnerability affecting the doctors bio that is vulnerable on the about.php page


<img/src=x onerror=alert(document.domain)>

To reproduce:

  1. Visit and intercept the request
  2. Change the request to a PUT request
  3. Add the following JSON to the data and forward the request. You must use drId 3 (Jon) as only this doctor appears on the about page
    {"name": "Edited",
    "bio":"<img/src=x onerror=alert(document.domain)>",
    "tagline":"Even more editing here",

  1. Visit and the xss will execute


  1. The attacker could steal a user's cookies.
  2. The attacker can steal data from whoever views the page.
  3. Users can execute arbitrary JavaScript code in the context of other users.

P2 High

FirstBlood ID: 74
Vulnerability Type: Stored XSS

It is possible to achieve stored XSS via the doctors bio on about.php (doctor ID 3) and meet_drs.php (only doctor ID 1 and 2 are affected)