Remote Clinic
CVE-2021-31327
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
AnalysisAI
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. Affected products include: Remoteclinic Remote Clinic.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Remote Clinic
View allRemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. Rated critical severity (CV
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. Rated critical severity
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged
Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php vi
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php. Rate
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. Rated medi
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Cont
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. Rated medium se
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. Rated medium severity
A vulnerability has been found in RemoteClinic up to 2.0.php. Rated low severity (CVSS 2.1), this vulnerability is remot
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today