CVE-2024-11675

Name of the Vulnerable Software and Affected Versions CodeAstro Hospital Management System version 1.0

Description A vulnerability has been found in the CodeAstro Hospital Management System, affecting an unknown functionality of the file /backend/admin/his admin register patient.php of the component Add Patient Details Page. The manipulation of the arguments pat fname, pat ailment, pat lname, pat age, pat dob, pat number, pat phone, pat type, and pat addr leads to cross-site scripting. The attack can be launched remotely.

Recommendations For CodeAstro Hospital Management System version 1.0, as a temporary workaround, consider validating and sanitizing the inputs for the arguments pat fname, pat ailment, pat lname, pat age, pat dob, pat number, pat phone, pat type, and pat addr to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.