PT-2021-21247 · Unknown · Care2X Hospital Information Management

Published: 2021-08-26 · Updated: 2021-09-01 · CVE-2021-36352

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Care2x Hospital Information Management version 2.7 Alpha

Description

A stored cross-site scripting (XSS) issue has been identified. The vulnerability is found in POST requests to the "/modules/registration_admission/patient_register.php" page, specifically with the parameters name_middle, addr_str, station, name_maiden, name_2, and name_3.

Recommendations

For Care2x Hospital Information Management version 2.7 Alpha, consider disabling the parameters name_middle, addr_str, station, name_maiden, name_2, and name_3 in the "/modules/registration_admission/patient_register.php" page as a temporary workaround until a patch is available. Restrict access to the patient registration module to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-36352

Affected Products

Care2X Hospital Information Management