CVE-2024-11678

Name of the Vulnerable Software and Affected Versions CodeAstro Hospital Management System version 1.0

Description A vulnerability was found in the CodeAstro Hospital Management System, affecting unknown code in the file /backend/doc/his doc register patient.php. The manipulation of the arguments pat fname, pat ailment, pat lname, pat age, pat dob, pat number, pat phone, pat type, pat addr leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For CodeAstro Hospital Management System version 1.0, consider restricting access to the file /backend/doc/his doc register patient.php to minimize the risk of exploitation. Avoid using the arguments pat fname, pat ailment, pat lname, pat age, pat dob, pat number, pat phone, pat type, pat addr in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.