CVE-2022-35117

Name of the Vulnerable Software and Affected Versions Clinic's Patient Management System version 1.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module, specifically via the update medicine details.php endpoint.

Recommendations For Clinic's Patient Management System version 1.0, consider disabling the Update Medical Details module until a patch is available to prevent exploitation of the XSS vulnerability via the update medicine details.php endpoint. Restrict access to the Packing text box to minimize the risk of arbitrary web script or HTML execution.