Details

    • Complexity:
      Undetermined

      Description

      Steps to reproduce vulnerability:

      1.) From the main page, click on "Appointment Scheduling"
      2.) Click "Manage Service Types"
      3.) Click "New Service Type"
      4.) Set the name of the new service type to the following string:

      " onmouseover="alert('xss')"

      5.) Set the duration and description to any normal value
      6.) Click "Save"

      • User should be redirected to the "Manage Service Types" page that displays all service types in tabular format

      7.) On the next page, hover the mouse over the edit button associated with the new service type in the service type (an XSS alert popup should be triggered - see attachment)
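
Why the string from step 4 fires on hover, as an added example that is not part of the original report and is not OpenMRS code. It assumes the service type name is written unencoded into a quoted attribute of the edit button; the `title` attribute, the markup and all function names are hypothetical.

```javascript
// Added example: markup and names are assumptions, not OpenMRS code.
const PAYLOAD = `" onmouseover="alert('xss')"`; // service type name from step 4

// Encode every character that can end or alter a quoted HTML attribute value.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hypothetical edit-button template: the name lands inside a quoted attribute.
function renderEditButton(name, encode) {
  const v = encode ? escapeAttr(name) : name;
  return `<i class="icon-pencil edit-action" title="${v}"></i>`;
}

// Minimal tokenizer for one start tag: returns the attribute names an HTML
// parser would see. Enough for this sample; not a general HTML parser.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>[\s\S]*$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Event-handler attributes present in the rendered tag.
function injectedHandlers(tag) {
  return attributeNames(tag).filter((n) => n.startsWith("on"));
}

// Unencoded: the leading quote closes title="" and onmouseover becomes a
// real attribute. Encoded: the whole string stays inside the title value.
console.log(injectedHandlers(renderEditButton(PAYLOAD, false)));
console.log(injectedHandlers(renderEditButton(PAYLOAD, true)));
```

The same comparison works as a regression check: render a row with the step 4 string as the name and fail the build if any `on*` attribute appears on the output.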

            People

            Assignee:
            dkayiwa Daniel Kayiwa
            Reporter:
            isears Isaac Sears [X] (Inactive)