PT-2021-4036 · Unknown · Chikitsa Patient Management System

Published: 2021-06-08 · Updated: 2021-08-12 · CVE-2021-38151

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Chikitsa Patient Management System version 2.0.0

Description

The index.php/appointment/todos endpoint in the Chikitsa Patient Management System is vulnerable to cross-site scripting (XSS) because it lacks protection measures for the web page structure. A remote attacker who exploits this issue can affect the confidentiality and integrity of protected information.

Recommendations

For Chikitsa Patient Management System version 2.0.0, consider disabling access to the index.php/appointment/todos endpoint until a patch is available, to prevent potential XSS attacks.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2021-04563
CVE-2021-38151

Affected Products

Chikitsa Patient Management System