Details

    • Complexity:
      Undetermined

      Description

      Steps to reproduce vulnerability:

      1.) From the main page, click on "Appointment Scheduling"
      2.) click "Manage Service Types"

      3.) click "New Service Type"
      4.) set the name of the new service type to the following string:

      " onmouseover="alert('xss')"

      5.) set the duration and description to any normal value
      6.) click "Save"

      • User should be redirected to the "Manage Service Types" page that displays all service types in tabular format

      7.) on the next page, hover mouse over the edit button associated with the new service type in the service type (an xss alert popup should be triggered - see attachment)

        Attachments

          Activity

            People

            • Assignee:
              dkayiwa Daniel Kayiwa
              Reporter:
              isears Isaac Sears [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: