Sourcecodester · Sourcecodester Hospital Management System · CVE-2024-11073
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Hospital Management System version 1.0
**Description**
A vulnerability has been found in the SourceCodester Hospital Management System, in the file `/vm/patient/delete-account.php`; the affected code within that file is not specified. Manipulating the `id` argument leads to improper authorization, and the issue can be exploited remotely. It can result in unauthorized deletion of patient accounts.
**Recommendations**
Update to the latest version of the SourceCodester Hospital Management System to mitigate risks.
As a temporary workaround, consider restricting access to the `/vm/patient/delete-account.php` endpoint until a patch is available.
Review access controls to prevent unauthorized actions.
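The kind of check such an access-control review looks for, as an added example and not the application's own code: the delete handler takes the account to remove from the authenticated session and refuses a client-supplied `id` that names another patient. The function name, session key, `patients` table and in-memory SQLite data are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler logic: the schema, session key and function name are
// assumptions for illustration, not taken from the application's source.
function delete_own_account(PDO $db, array $session, string $method, array $post): int
{
    if ($method !== 'POST') {
        return 405;                 // deletion is state-changing: reject GET
    }
    if (!isset($session['patient_id'])) {
        return 401;                 // no authenticated patient in the session
    }
    // The account to delete comes from the session only. A request `id` that
    // differs from the session identity is rejected instead of being honoured.
    $own = (int) $session['patient_id'];
    if (isset($post['id']) && $post['id'] !== (string) $own) {
        error_log("denied: patient $own requested deletion of another account");
        return 403;
    }
    $stmt = $db->prepare('DELETE FROM patients WHERE id = :id');
    $stmt->execute([':id' => $own]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO patients VALUES (1, 'alice'), (2, 'bob')");

$session = ['patient_id' => 1];     // patient 1 is logged in

// Each line prints the status code the handler would return.
echo 'cross-account id:  ', delete_own_account($db, $session, 'POST', ['id' => '2']), "\n";
echo 'no session:        ', delete_own_account($db, [], 'POST', ['id' => '2']), "\n";
echo 'GET request:       ', delete_own_account($db, $session, 'GET', []), "\n";
echo 'own account:       ', delete_own_account($db, $session, 'POST', []), "\n";
echo 'rows remaining:    ', $db->query('SELECT COUNT(*) FROM patients')->fetchColumn(), "\n";
```

Logging the denied cross-account request gives operators a signal to alert on while the endpoint remains exposed.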