PHP Scripts Mall PHP Appointment Booking Script has HTML injection via an edit my profile: [CVE-2019-9066]

Vulnerability Description => HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

↓ ↓ ↓ ↓ How to Exploit ↓ ↓ ↓ ↓

1. Go to the PHP Appointment Booking Script site (
⇓ ⇓ ⇓ ⇓

2. First, register and verify your account
⇓ ⇓ ⇓ ⇓

3. Now log in to your account using your username and password
⇓ ⇓ ⇓ ⇓

4. Go to My Account and click Edit Account
⇓ ⇓ ⇓ ⇓

5. Type HTML code in any input area and click Update
(e.g. <h1>HTML Injection Testing</h1>)
⇓ ⇓ ⇓ ⇓

6. Now you can see the HTML injection on your account
⇓ ⇓ ⇓ ⇓
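
The fix for the behaviour reproduced above, as an added example that is not part of the original post or the vendor's code: stored profile values are encoded for the HTML context at output time, so the step 5 string is displayed as literal text. The array keys, function names and the second sample value are hypothetical, since the script's source is not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical profile row as read back from the database after the
// "edit account" form stored the input unchanged (values constructed).
$profile = [
    'name'  => '<h1>HTML Injection Testing</h1>', // the test string from step 5
    'phone' => '555-0100"><b>x</b>',              // closes the attribute it lands in
];

// Vulnerable pattern: stored values concatenated straight into markup.
function render_unsafe(array $p): string
{
    return '<td>' . $p['name'] . '</td>'
         . '<input name="phone" value="' . $p['phone'] . '">';
}

// Encode at output time. ENT_QUOTES escapes both quote styles so a value
// cannot terminate an attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making the function return an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value passes through e() before output.
function render_safe(array $p): string
{
    return '<td>' . e($p['name']) . '</td>'
         . '<input name="phone" value="' . e($p['phone']) . '">';
}

// Second layer at update time: accept only what fits the field
// (letters, combining marks, space, dot, apostrophe, hyphen; 1 to 80 chars).
function validate_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M} .\'-]{1,80}\z/u', $name) === 1;
}

echo render_unsafe($profile), PHP_EOL; // browser interprets the injected tags
echo render_safe($profile), PHP_EOL;   // browser shows the tags as text
var_dump(validate_name($profile['name']));
var_dump(validate_name("Anne-Marie O'Neil"));
```

Input validation alone is not sufficient; the encoding in `render_safe()` is what neutralises values already stored in the database.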

