What the vulnerability does
Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through <= 1.6.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Doctreat versions up to 1.6.7 contain a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts. An attacker with low-level account access can craft input that executes in other users' browsers, potentially stealing session data or performing actions on their behalf. The vulnerability requires an authenticated login but no additional user interaction.
What an attacker can do
Inject and execute malicious scripts in other users' browsers to steal data or perform unauthorized actions.
Potential impact on your site
Authenticated users' sessions and data are at risk; attackers can impersonate users or harvest sensitive information.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required from the victim.