Kirito999

#20038of 53,632
12.9Total CVSS
Vulnerabilities · 3
Medium
3
PT-2025-3373
4.5
2025-01-21
Unknown · Phpgurukul Hospital Management System · CVE-2024-56990
**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** The issue concerns Cross Site Scripting (XSS) in specific API endpoints, namely "/view-medhistory.php" and "/admin/view-patient.php". This allows for potential malicious script injection and execution. **Recommendations** For PHPGurukul Hospital Management System version 4.0, consider disabling access to the "/view-medhistory.php" and "/admin/view-patient.php" endpoints until a patch is available. Restrict input validation for these endpoints to minimize the risk of XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-3374
4.2
2025-01-21
Unknown · Phpgurukul Hospital Management System · CVE-2024-56997
**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability in the /doctor/index.php file, where an attacker can inject malicious code via the `Email` parameter. This allows for potential code execution and unauthorized access. **Recommendations** For PHPGurukul Hospital Management System version 4.0, as a temporary workaround, consider restricting access to the /doctor/index.php file or disabling the `Email` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-3375
4.2
2025-01-21
Unknown · Phpgurukul Hospital Management System · CVE-2024-56998
**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability in the /edit-profile.php file, specifically via the `address` parameter. This allows an attacker to inject malicious scripts, potentially compromising user data. **Recommendations** For PHPGurukul Hospital Management System version 4.0, consider disabling the /edit-profile.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `address` parameter in the /edit-profile.php file to minimize the risk of exploitation.