PT-2021-11906 · Unknown · Qdocs Smart Hospital Management System

Published

2021-01-26

Updated

2021-02-01

CVE-2020-36011

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: QDOCS Smart Hospital Management System version 3.1

Description: A cross-site scripting (XSS) issue in the Add Patient Form allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.

Recommendations: For QDOCS Smart Hospital Management System version 3.1, consider restricting input in the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field to prevent code injection until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-36011

Affected Products

Qdocs Smart Hospital Management System

PT-2021-11906 · Unknown · Qdocs Smart Hospital Management System

CVE-2020-36011

Weakness Enumeration

Related Identifiers

Affected Products

References · 4