CVE-2023-1006Cross-site Scripting in Medical Certificate Generator APP

CWE-79Cross-site ScriptingCWE-909Missing Initialization of Resource6 documents6 sources
Severity
5.4MEDIUMNVD
CNA3.5
EPSS
0.1%
top 71.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Medical Certificate Generator APPMedical Certificate Generator APP Project Medical Certificate Generator APP
Timeline
PublishedFeb 24
Latest updateDec 24

Description

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input ">prompt(1) leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
drm/amdkfd: Fix kernel warning during topology setup2025-12-24
CVEList
SourceCodester Medical Certificate Generator App New Record cross site scripting2023-02-24
GHSA
GHSA-j6m9-rjm3-mq89: A vulnerability was found in SourceCodester Medical Certificate Generator App 12023-02-24

📋Vendor Advisories

1
Red Hat
kernel: drm/amdkfd: Fix kernel warning during topology setup2025-12-24

🕵️Threat Intelligence

1
Wiz
CVE-2023-54144 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2023-1006 — Cross-site Scripting | cvebase