PT-2025-35815 · Phpgurukul · Doctor Appointment Management System

Ayman Al-Hakimi +2 · Published 2025-09-03 · Updated 2025-09-03 · CVE-2025-45805

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions
phpgurukul Doctor Appointment Management System version 1.0

Description
An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the website and selects the doctor to book an appointment.

Recommendations
As a temporary workaround, consider restricting the characters allowed in the doctor's profile name field to prevent JavaScript code injection.
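
An added example (not code from this advisory or from the PHPGurukul project) of the recommended character restriction on the profile name, paired with HTML encoding at the point where the name is rendered. The function names, the 2 to 80 character limit and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's real field and function names
// are not given in the advisory.

/**
 * Input side: allow-list check for a doctor's display name.
 * Returns the normalised name, or null when the value must be rejected.
 */
function validate_doctor_name(string $raw): ?string
{
    // Collapse whitespace runs; preg_replace returns null on invalid UTF-8,
    // which becomes '' here and is then rejected by the pattern below.
    $name = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');

    // Must start with a letter; then letters, combining marks, space,
    // dot, apostrophe or hyphen only. Total length 2..80 (assumed limit).
    if (preg_match("/^\p{L}[\p{L}\p{M} .'\-]{1,79}$/uD", $name) !== 1) {
        return null;
    }
    return $name;
}

/** Output side: encode for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: two ordinary names, two values containing markup.
$samples = [
    "Dr. Anne-Marie O'Neil",
    "José Álvarez",
    "<script>alert(1)</script>",
    'Smith" onmouseover="x',
];

foreach ($samples as $s) {
    $ok = validate_doctor_name($s);
    printf("%s => %s\n", h($s), $ok === null ? 'REJECTED' : 'accepted: ' . h($ok));
}

// Rendering an already stored name in the booking page (markup is illustrative):
// echo '<option value="' . h((string) $id) . '">' . h($storedName) . '</option>';
```

The allow-list still permits an apostrophe for names such as O'Neil, so names stored before the restriction was applied, and any value placed in a quoted attribute, rely on the encoding step rather than on the input check.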

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2025-45805

Affected products

Doctor Appointment Management System