CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39416
https://notcve.org/view.php?id=CVE-2021-39416
Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en Remote Clinic versión v2.0 en el archivo (1) patients/register-patient.php por medio de los parámetros (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, y (i) serial; en el archivo (2) patients/edit-patient.php por medio de los parámetros (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender ; en el archivo (3) staff/edit-my-profile.php por medio de los parámetros (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address ; y en el archivo (4) clinics/settings.php por medio de los parámetros (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email • https://github.com/remoteclinic/RemoteClinic/issues/17 https://remoteclinic.io https://sisl.lab.uic.edu/projects/chess/remote-clinic • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-31327 – RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-31327
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. Una vulnerabilidad de tipo XSS almacenado en Remote Clinic versión v2.0, en /medicines debido a un Campo de Nombre Medicine • https://www.exploit-db.com/exploits/49795 https://github.com/remoteclinic/RemoteClinic/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-31329 – RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-31329
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Remote Clinic versión v2.0, por medio del campo "Chat" y "Personal Address" en el archivo staff/register.php • https://www.exploit-db.com/exploits/49795 https://github.com/remoteclinic/RemoteClinic/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-30030 – RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-30030
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Remote Clinic versión v2.0 por medio del campo Full Name en el archivo register-patient.php RemoteClinic version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/49795 http://packetstormsecurity.com/files/162291/RemoteClinic-2.0-Cross-Site-Scripting.html https://github.com/remoteclinic/RemoteClinic/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-30034 – RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-30034
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Remote Clinic versión v2.0 por medio del campo Symptons en el archivo patients/register-report.php RemoteClinic version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/49795 http://packetstormsecurity.com/files/162291/RemoteClinic-2.0-Cross-Site-Scripting.html https://github.com/remoteclinic/RemoteClinic/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •