• CVE ID: CVE-2023-7173
• Vulnerability Type: Stored XSS
• Affected Component: User login page
• Vulnerable Parameter: Fullname
• Ventor Details: phpgurukul.com
• Vulnerable Version: Hospital Management System 1.0

Stored Cross-Site Scripting (XSS) is a serious web vulnerability that allows malicious code to be injected into a website, stored in the database, and later executed when other users view the infected page. In this specific case, the vulnerability is found in the user login page of a Hospital Management System (HMS), where the "Fullname" parameter is susceptible to stored XSS attacks. The lack of proper input validation and data sanitization allows an attacker to inject malicious scripts, potentially compromising user accounts, stealing sensitive information, or performing unauthorized actions.

git clone https://github.com/sharathc213/CVE-2023-7172.git
cd CVE-2023-7172

docker-compose up -d

• Open a web browser and navigate to the user registration form at http://localhost:8080/hms/registration.php

• Input the following payload in the "Fullname" field:

  <img src="x" onerror=alert(document.cookie)>
  

  
• Complete the other required fields with valid information.

• Click the "Submit" button to send the registration data to the server.

• Receive a successful registration confirmation message.

• Navigate to the login page at http://localhost:8080/hms/user-login.php.

• In the login form, enter the email address used for registration.

• Submit the login form by clicking the "Log In" button.

• Upon successful login, the XSS payload should trigger an alert box displaying the user's cookies, indicating the existence of the Stored XSS vulnerability.

A Stored XSS vulnerability in a Hospital Management System can have severe consequences, including:

1. Patient Data Exposure:

   • Potential theft of sensitive patient data for identity theft or fraud.

2. Patient Safety Risks:

   • Unauthorized changes in patient records could jeopardize patient safety.

3. Unauthorized Actions:

   • Attacker could execute actions on behalf of users, leading to unauthorized access and potential misuse.

4. Trust Erosion:

   • Harm to the reputation of the healthcare facility due to breached trust.

5. Regulatory Non-Compliance:

   • Violation of data protection regulations, resulting in fines and legal consequences.

6. Disruption of Healthcare Services:

   • Possible disruptions in patient care, prescription errors, or misdiagnoses with severe health implications.

7. Legal and Ethical Implications:

   • Legal liability for any harm caused, along with ethical concerns about patient privacy.

8. Financial Consequences:

   • Costs associated with remedying the breach, including investigations, system upgrades, and legal expenses.

To address this vulnerability, implement the following mitigation measures:

• Input Validation and Sanitization:
  • Implement strict input validation and data sanitization routines to ensure that user-generated content is free from malicious code. This includes validating data on both the client and server sides.

This project is intentionally vulnerable and should only be used for educational and testing purposes. Do not deploy this in a production environment.