Yashh2

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Hospital Management System version 1.0 **Description** A cross-site scripting issue exists in the Patient Search Module, specifically within the `/admin/patient-search.php` file. Manipulation of the `Search by Name Mobile No` argument can trigger the issue. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/patient-search.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Hospital Management System version 1.0 **Description** A flaw has been found that allows for cross-site scripting (XSS). The issue is located in an unknown function within the `/edit-profile.php` file of the Edit Profile Page component. Manipulation of the `Username` argument can trigger the vulnerability, and the attack can be launched remotely. The exploit has been published. **Recommendations** As a temporary workaround, consider restricting access to the `/edit-profile.php` file until a patch is available. Sanitize the `Username` input to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Campcodes Hospital Management System version 1.0 **Description** A weakness has been identified in Campcodes Hospital Management System that allows for SQL injection. The issue is located in an unknown functionality of the file `/admin/` within the Admin Dashboard Login component. Manipulation of the `Password` argument can trigger the injection. The exploit has been made publicly available and could be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Hospital Management System version 1.0 **Description** A cross site scripting issue exists in Campcodes Hospital Management System 1.0. The issue affects an unknown function within the `/admin/edit-doctor-specialization.php` file of the Edit Doctor Specialization Page component. The attack can be launched remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.