CVE-2021-39411

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0

Description: Multiple Cross Site Scripting (XSS) vulnerabilities exist in the system. The issue is related to the searchdata parameter in "/doctor/search.php" and "/admin/patient-search.php" API endpoints, and the fromdate and todate parameters in the "/admin/betweendates-detailsreports.php" endpoint.

Recommendations: For PHPGurukul Hospital Management System version 4.0, consider disabling the searchdata, fromdate, and todate parameters in the affected API endpoints until a patch is available. Restrict access to the "/doctor/search.php", "/admin/patient-search.php", and "/admin/betweendates-detailsreports.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.