EUVD-2023-58662

ID: EUVD-2023-58662

Severity: medium

CVSS v4: Not provided

CVSS v3: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CWE: None listed

Source: ENISA

Description

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.

Timestamps

Normalized: 2026-02-06T23:11:30Z UTC
Last updated: 2026-02-06T23:11:30Z UTC

References

No references provided.

VulnAI

EUVD-2023-58662

Description

Timestamps

References