Aki123

**Name of the Vulnerable Software and Affected Versions** itsourcecode Hospital Management System version 1.0 **Description** An issue exists in the processing of the '/billing.php' endpoint. Remote attackers can trigger cross-site scripting (XSS)—a technique where malicious scripts are injected into trusted websites—by manipulating the `patientid` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Hospital Management System version 1.0 **Description** A remote SQL injection is possible due to the manipulation of the `Date` argument within an unknown function of the '/adminaccount.php' file. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database. **Recommendations** As a temporary workaround, avoid using the `Date` argument in the '/adminaccount.php' file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Hospital Management System version 1.0 **Description** A flaw in the `/addpatient.php` file allows for remote SQL injection. This occurs through the manipulation of the `admissiontme` argument. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database. **Recommendations** Update itsourcecode Hospital Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the `/addpatient.php` file or avoid using the `admissiontme` parameter until a fix is applied.