Codeastro

**Name of the Vulnerable Software and Affected Versions** CodeAstro Hospital Management System version 1.0 **Description** A vulnerability was found in the CodeAstro Hospital Management System, affecting some unknown functionality of the file /backend/admin/his admin add lab equipment.php of the component Add Laboratory Equipment Page. The manipulation of the arguments `eqp code`, `eqp name`, `eqp vendor`, `eqp desc`, `eqp dept`, `eqp status`, `eqp qty` leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro Hospital Management System version 1.0, as a temporary workaround, consider restricting access to the /backend/admin/his admin add lab equipment.php file until a patch is available. Avoid using the arguments `eqp code`, `eqp name`, `eqp vendor`, `eqp desc`, `eqp dept`, `eqp status`, `eqp qty` in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Hospital Management System version 1.0 **Description** A vulnerability was found in the CodeAstro Hospital Management System, affecting an unknown part of the file /backend/admin/his admin add vendor.php of the component Add Vendor Details Page. The manipulation of the arguments `v name`, `v adr`, `v number`, `v email`, `v phone`, `v desc` leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro Hospital Management System version 1.0, as a temporary workaround, consider restricting access to the /backend/admin/his admin add vendor.php file until a patch is available. Avoid using the arguments `v name`, `v adr`, `v number`, `v email`, `v phone`, `v desc` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Hospital Management System version 1.0 **Description** A vulnerability has been found in the CodeAstro Hospital Management System, affecting an unknown functionality of the file /backend/admin/his admin register patient.php of the component Add Patient Details Page. The manipulation of the arguments `pat fname`, `pat ailment`, `pat lname`, `pat age`, `pat dob`, `pat number`, `pat phone`, `pat type`, and `pat addr` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For CodeAstro Hospital Management System version 1.0, as a temporary workaround, consider validating and sanitizing the inputs for the arguments `pat fname`, `pat ailment`, `pat lname`, `pat age`, `pat dob`, `pat number`, `pat phone`, `pat type`, and `pat addr` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.