PT-2024-16564 · Unknown · Phpgurukul Hospital Management System
Secuserx · Published 2024-11-04 · Updated 2024-11-09 · CVE-2024-10806
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHPGurukul Hospital Management System version 4.0
Description
A vulnerability was found in the PHPGurukul Hospital Management System, affecting the file betweendates-detailsreports.php. Manipulation of the fromdate and todate arguments leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For PHPGurukul Hospital Management System version 4.0, update to the latest release to mitigate risks.
As a temporary workaround, consider validating the fromdate and todate inputs to minimize the risk of exploitation.
Exploit
Fix
Improper Neutralization
Special Elements Injection
XSS
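The temporary workaround recommended above (validating fromdate and todate) can look like the following. This is an added example, not code from PHPGurukul Hospital Management System; the YYYY-MM-DD format, the function names and the heading text are assumptions.

```php
<?php
// Added example, not code from PHPGurukul Hospital Management System.
// Assumption: fromdate/todate are expected as YYYY-MM-DD strings.

/** Return the date unchanged if it is a real YYYY-MM-DD calendar date, else null. */
function parse_report_date($raw): ?string
{
    // Arrays (fromdate[]=...) and anything but 4-2-2 digits are rejected outright.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    // "!" resets unparsed fields; the round trip rejects dates such as 2024-02-30.
    $dt = DateTime::createFromFormat('!Y-m-d', $raw);
    return ($dt !== false && $dt->format('Y-m-d') === $raw) ? $raw : null;
}

/** Encode a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the report heading (hypothetical wording) from request parameters. */
function report_heading(array $params): string
{
    $from = parse_report_date($params['fromdate'] ?? null);
    $to   = parse_report_date($params['todate'] ?? null);
    if ($from === null || $to === null || $from > $to) {
        return 'Invalid date range.';   // never echo the rejected input back
    }
    // Validated values are still encoded on output (defence in depth).
    return 'Report from ' . h($from) . ' to ' . h($to);
}

// Constructed sample requests.
$samples = [
    ['fromdate' => '2024-01-01', 'todate' => '2024-01-31'],
    ['fromdate' => '2024-02-30', 'todate' => '2024-03-01'],        // not a real date
    ['fromdate' => '<b>2024-01-01</b>', 'todate' => '2024-01-31'], // markup in input
    ['fromdate' => ['2024-01-01'], 'todate' => '2024-01-31'],      // array, not a string
];
foreach ($samples as $params) {
    echo report_heading($params), PHP_EOL;
}
```

Only the first sample produces a report heading; the other three return the fixed error string. In the application, the parameter array would be whichever request superglobal the report form submits to, which the advisory does not state.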
Related Identifiers
Affected Products
Phpgurukul Hospital Management System