CVE-2024-11676

Name of the Vulnerable Software and Affected Versions CodeAstro Hospital Management System version 1.0

Description A vulnerability was found in the CodeAstro Hospital Management System, affecting some unknown functionality of the file /backend/admin/his admin add lab equipment.php of the component Add Laboratory Equipment Page. The manipulation of the arguments eqp code, eqp name, eqp vendor, eqp desc, eqp dept, eqp status, eqp qty leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For CodeAstro Hospital Management System version 1.0, as a temporary workaround, consider restricting access to the /backend/admin/his admin add lab equipment.php file until a patch is available. Avoid using the arguments eqp code, eqp name, eqp vendor, eqp desc, eqp dept, eqp status, eqp qty in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.