PT-2024-16565 · Unknown · Phpgurukul Hospital Management System
Secuserx · Published 2024-11-04 · Updated 2024-11-09 · CVE-2024-10807
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHPGurukul Hospital Management System version 4.0
Description
A vulnerability was found in the PHPGurukul Hospital Management System, affecting unspecified processing in the file hms/doctor/search.php. Manipulation of the argument searchdata leads to cross-site scripting. The attack may be initiated remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations
For PHPGurukul Hospital Management System version 4.0, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the searchdata argument in the affected file hms/doctor/search.php until a patch is available. Avoid using the searchdata argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Neutralization
Special Elements Injection
XSS
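One way to apply the temporary workaround from the Recommendations, shown as an added example that is not PHPGurukul's code or a vendor patch: validate searchdata against an allowlist before use and HTML-encode it wherever it is written back into the page. The helper names, the 64-byte limit, the character allowlist and the way the request parameters are passed in are assumptions; the page does not show how search.php reads or prints the value.

```php
<?php
declare(strict_types=1);

// Added example, not application code. Only the file name and the
// `searchdata` argument come from the advisory; everything else is assumed.

const SEARCH_MAX_LEN = 64; // assumed upper bound, in bytes

/** Return the search term if it passes the allowlist, otherwise null. */
function clean_searchdata(array $params): ?string
{
    $raw = $params['searchdata'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or non-string input such as an array value
    }
    $term = trim($raw);
    if ($term === '' || strlen($term) > SEARCH_MAX_LEN) {
        return null;
    }
    // Allowlist: letters, digits, space and a few name/contact characters.
    // With /u, invalid UTF-8 makes preg_match() return false, so it is rejected.
    if (preg_match('/\A[\p{L}\p{N} .,\'@+-]+\z/u', $term) !== 1) {
        return null;
    }
    return $term;
}

/** Encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['searchdata' => "Anita O'Brien"],   // accepted; the quote is encoded on output
    ['searchdata' => '"><b>markup</b>'], // rejected by the allowlist
    ['searchdata' => ['nested']],        // rejected: not a string
    [],                                  // rejected: parameter absent
];

foreach ($samples as $params) {
    $term = clean_searchdata($params);
    if ($term === null) {
        echo "<p>Invalid search term.</p>\n";
        continue;
    }
    echo '<h4>Results for "' . h($term) . '"</h4>' . "\n";
}
```

Output encoding is the control that closes the cross-site scripting path; the allowlist only narrows what reaches it, so h() should wrap every place the value is echoed, including form fields that repopulate the search box.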
Related Identifiers
Affected Products
Phpgurukul Hospital Management System