CVE-2021-25791 - Vulnerability Details - OpenCVE

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Online Doctor Appointment System Php Full Source Code Project	Online Doctor Appointment System Php Full Source Code

Configuration 1 [-]

cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.exploit-db.com/exploits/49396
https://www.sourcecodester.com
https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-23T17:44:16

Updated: 2024-08-03T20:11:28.516Z

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25791

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-23T18:15:08.193

Modified: 2024-11-21T05:55:27.030

Link: CVE-2021-25791

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple stored cross site scripting (XSS) vulnerabilities in the \"Update Profile\" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-23T17:44:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sourcecodester.com"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49396"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25791", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stored cross site scripting (XSS) vulnerabilities in the \"Update Profile\" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sourcecodester.com", "refsource": "MISC", "url": "https://www.sourcecodester.com"}, {"name": "https://www.exploit-db.com/exploits/49396", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49396"}, {"name": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html", "refsource": "MISC", "url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:11:28.516Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sourcecodester.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/49396"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25791", "datePublished": "2021-07-23T17:44:16", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.516Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C2CAB04-D447-44AD-873F-44CFD73CFB49", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stored cross site scripting (XSS) vulnerabilities in the \"Update Profile\" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross site scripting (XSS) almacenadas en el m\u00f3dulo \"Update Profile\" de Online Doctor Appointment System versi\u00f3n 1.0, permiten a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas \u00fatiles dise\u00f1adas en los campos de texto First Name, Last Name y Address"}], "id": "CVE-2021-25791", "lastModified": "2024-11-21T05:55:27.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-23T18:15:08.193", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49396"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.sourcecodester.com"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.sourcecodester.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}