Hospital Management System 1.0 Cross Site Scripting
2024-4-3 02:58:44 Author:查看原文) 阅读量:6 收藏

# Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
# Google Dork: NA
# Date: 28-03-2024
# Exploit Author: Sandeep Vishwakarma
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Windows 10
# CVE : CVE-2024-29412
# Description: Stored Cross Site Scripting vulnerability in
Hospital Management System - v1.0 allows an attacker to execute arbitrary
code via a crafted payload to the 'patient_id',
'first_name','middle_initial' ,'last_name'" in /receptionist.php component.

# POC:
1. Go to the User Login page: "
2. Login with "r1" ID which is redirected to "
3. In Patient information functionality add this payload
"><script>alert('1')</script> ,in all parameter.
4. click on submit.

# Reference: