CVE-2022-30017
Description
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Rescue Dispatch Management System 1.0 contains a stored XSS vulnerability that allows attackers to steal admin cookies and take over accounts.
Vulnerability
Rescue Dispatch Management System version 1.0, developed by oretnom23 and available on SourceCodester [1], suffers from a stored cross-site scripting (XSS) vulnerability. The application fails to sanitize user-supplied input before storing it in the database and later rendering it on administrative pages. An attacker can inject arbitrary JavaScript code into fields such as incident type names or respondent type names, which are then executed when an administrator views the affected page [2].
Exploitation
An attacker must have access to the system as a registered user (Staff role or higher) to submit malicious input through the application's forms. The injected script is stored on the server and executed by the browser of any administrator who visits the page displaying the malicious content. The attacker does not need administrative access initially; a lower-privileged staff account capable of adding incident types or respondents is sufficient. The stored script can be crafted to send the administrator's session cookie to an attacker-controlled server [2].
Impact
Successful exploitation allows the attacker to steal the session cookie of an authenticated administrator. With the stolen cookie, the attacker can impersonate the administrator and gain full control over the Rescue Dispatch Management System, including management of incident types, respondent teams, and system settings. This leads to a complete compromise of the application's confidentiality, integrity, and availability [2].
Mitigation
As of the publication date, no official patch or updated version has been released for Rescue Dispatch Management System 1.0 by the vendor. The project repository on SourceCodester [1] does not include a fix. Administrators are advised to sanitize all user inputs and encode output using functions like htmlspecialchars() in PHP. Additionally, implement HTTP-only and Secure flags on session cookies to mitigate cookie theft. Until a patched version is provided, the application remains vulnerable and should be used with caution in production environments [2].
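The two mitigations named above, contextual output encoding with htmlspecialchars() and HttpOnly/Secure session cookies, as a worked PHP example. This is added illustration, not code from the Rescue Dispatch Management System or from the cited advisory; the function names, the row-rendering helpers and the sample stored value are assumptions constructed for the example.

```php
<?php
// Added example (not from the Rescue Dispatch Management System code base):
// output encoding for stored, user-controlled values and hardened session
// cookie flags. Function names and the sample value are illustrative only.

declare(strict_types=1);

// Encode any user-controlled string before it is placed in HTML text or an
// attribute. ENT_QUOTES encodes both quote styles so the result is safe inside
// single- or double-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string; the explicit charset avoids relying
// on the default_charset ini setting.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (the class of defect described above): the stored
// incident type name is concatenated into the admin page unchanged, so any
// markup it contains is interpreted by the administrator's browser.
function renderIncidentTypeRowUnsafe(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

// Hardened pattern: every dynamic value passes through h() at the point where
// it is written into HTML. Encoding at output time (rather than only at input
// time) also covers values that were stored before the fix was deployed.
function renderIncidentTypeRowSafe(string $name): string
{
    return '<tr><td>' . h($name) . '</td></tr>';
}

// Set the session cookie flags before session_start(). HttpOnly stops script
// in the page from reading the session id through document.cookie; Secure
// restricts the cookie to HTTPS; SameSite=Lax limits cross-site sending.
// This is defence in depth: it does not remove the XSS, it only denies a
// script that does execute the easiest way to exfiltrate the session.
// (The array form of session_set_cookie_params requires PHP 7.3 or later.)
function startHardenedSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample value: a stored incident type name that carries markup
// and both quote characters. Harmless here, but it shows the difference.
$stored = '<b>Flood</b> "river" \'rescue\'';

// The unsafe renderer emits the tags and quotes verbatim; the safe renderer
// turns <, >, " and ' into entities so the browser shows them as text.
echo renderIncidentTypeRowUnsafe($stored), PHP_EOL;
echo renderIncidentTypeRowSafe($stored), PHP_EOL;
```

Run with `php example.php` to compare the two rows; startHardenedSession() is meant to replace a bare session_start() in the real application and is deliberately not invoked from the command line. Note that h() is only correct for HTML text and quoted attribute contexts; a value written into a JavaScript block, a URL, or an unquoted attribute needs a different encoder.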
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Rescue Dispatch Management System / Rescue Dispatch Management System
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] www.sourcecodester.com/php/15296/rescue-dispatch-management-system-phpoop-free-source-code.html
- [2] github.com/offsecin/bugsdisclose/blob/main/stored-xss
News mentions
No linked articles in our index yet.