# Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 13/04/2021 # Exploit Author: Saud Ahmad # Vendor Homepage: https://remoteclinic.io/ # Software Link: https://github.com/remoteclinic/RemoteClinic # Version: 2.0 # Tested on: Windows 10 # CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient with Full Name Field as XSS Payload: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)> 3)After Register Patient, go to "Patients" endpoint. 4)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/1 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient. 3)After Register Patient, a page redirect to Register Report Page. 4)Here is "Symptoms" Field as XSS Payload: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)> 4)After Register Report, Click on home which is "dashboard" endpoint. 5)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/5 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a Patient. 3)After Register Patient, a page redirect to Register Report Page. 4)When you scroll down page two fields there "Fever" and "Blood Pressure", both are vulnerable to XSS, inject XSS Payload in both Fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)> 4)After Register Report, Click on home. 5)Now Click on Report, XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/8 #Steps to Reproduce: 1)Login in Application as Doctor. 2)Register a New Clinic. 3)Here is four fields "Clinic Name", "Clinic Address", "Clinic City" and "Clinic Contact". All are vulnerable to XSS. 4)Inject XSS Payload in all Fields: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)> 4)Now go to Clinic Directory. 5)Click on that Clinic. 6)XSS Executed. For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/11