CNVD-2022-09304 — Vulnetix

CNVD-2022-09304 PUBLISHED

SourceCodester Online Covid Vaccination Scheduler System是SourceCodester公司的一个应用系统。通过可靠的疫苗计划和队列管理解决方案有效管理 COVID-19 疫苗接种。 Sourcecodester Online Covid vaccine Scheduler Systemv1版本存在跨站脚本漏洞，该漏洞源于软件lid参数缺少对于用户数据的转义或过滤，攻击者可利用该漏洞通过 /scheduler/addSchedule.php的lid参数执行的任意代码。

Affected Products

Vendor	Product	Versions
	SourceCodester Sourcecodester Online Covid Vaccination Scheduler System

Exploit Intelligence

macos_v2_generated.go (github-poc)
glcve_test.go (github-poc)
macos_v1_generated.go (github-poc)

Timeline

Feb 9, 2022 CVE ID Reserved
Feb 10, 2022 CVE Published

References

https://nvd.nist.gov/vuln/detail/CVE-2021-4193 url

Open in Interactive Console →