CVE-2024-2135

Name of the Vulnerable Software and Affected Versions Bdtask Hospita AutoManager versions up to 20240223

Description A problem was found in the Hospital Activities Page component, affecting the processing of the /hospital activities/birth/form file. The issue is related to the manipulation of the Description argument with specific input, such as <img src=a onerror=alert(1)>, which leads to Cross-Site Scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Bdtask Hospita AutoManager versions up to 20240223, consider disabling the Description argument in the /hospital activities/birth/form file to minimize the risk of exploitation until a patch is available. Restrict access to the Hospital Activities Page component to reduce the risk of remote attacks. At the moment, there is no information about a newer version that contains a fix for this issue.