PT-2021-3396 · Unknown · Phpgurukul Hospital Management System

Published: 2021-06-22 · Updated: 2023-11-14 · CVE-2020-22167

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHPGurukul Hospital Management System version 4.0

Description

The appointment-history.php component of the PHPGurukul Hospital Management System does not protect the structure of the web page it generates. This is a persistent cross-site scripting vulnerability that remote registered users can exploit to obtain user cookie data.

Recommendations

For PHPGurukul Hospital Management System version 4.0, to prevent exploitation of the persistent cross-site scripting vulnerability, consider disabling access to the appointment-history.php file until a patch is available. Restrict access to the hms/admin directory to minimize the risk of exploitation. Avoid using the cookie data in the affected API endpoints until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03247
CVE-2020-22167

Affected Products

Phpgurukul Hospital Management System