{
  "schema_version": "1.4.0",
  "id": "GHSA-62g8-f48c-frqp",
  "modified": "2022-05-24T19:19:49Z",
  "published": "2022-05-24T19:19:49Z",
  "aliases": [
    "CVE-2021-39416"
  ],
  "details": "Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39416"
    },
    {
      "type": "WEB",
      "url": "https://github.com/remoteclinic/RemoteClinic/issues/17"
    },
    {
      "type": "WEB",
      "url": "https://remoteclinic.io"
    },
    {
      "type": "WEB",
      "url": "https://sisl.lab.uic.edu/projects/chess/remote-clinic"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-05T16:15:00Z"
  }
}