PT-2023-11750 · Unknown · Hospital Management System

Published: 2023-12-27 · Updated: 2024-01-16 · CVE-2020-26628

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4.0

Description: A Cross-Site Scripting (XSS) vulnerability was discovered in the Hospital Management System, allowing an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile.

Recommendations: For Hospital Management System version 4.0, consider disabling the 'Edit Profile' page functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the 'Edit Profile' page to minimize the risk of arbitrary web script execution. Avoid using the username field in the 'Edit Profile' page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2020-26628

Affected Products: Hospital Management System