Riccardo Nannini

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** The issue concerns a Cross Site Scripting (XSS) flaw. This type of flaw occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker to inject malicious content, such as scripts. In this case, the vulnerability is present in the add-patient.php file. **Recommendations** For PHPGurukul Hospital Management System version 4.0, consider validating and encoding all user input in the add-patient.php file to prevent XSS attacks. As a temporary workaround, restrict access to the add-patient.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability. It affects the "doctor/view-patient.php", "admin/view-patient.php", and "view-medhistory.php" endpoints. **Recommendations** For PHPGurukul Hospital Management System version 4.0, update the software to a version that includes a fix for this issue, if available. As a temporary workaround, consider restricting access to the affected endpoints until a patch is available.