Bulletmhs

**Name of the Vulnerable Software and Affected Versions** phpgurukul Doctor Appointment Management System version 1.0 **Description** An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the website and selects the doctor to book an appointment. **Recommendations** As a temporary workaround, consider restricting the characters allowed in the doctor's profile name field to prevent JavaScript code injection.