CVE-2022-25493

Name of the Vulnerable Software and Affected Versions HMS version 1.0

Description A reflected cross-site scripting (XSS) issue was found in HMS via the treatmentrecord.php file. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or data theft.

Recommendations For HMS version 1.0, consider restricting access to the treatmentrecord.php file until a patch is available. As a temporary workaround, avoid using the treatmentrecord.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.