CVE-2024-37803

Name of the Vulnerable Software and Affected Versions CodeProjects Health Care hospital Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. This is a result of multiple stored cross-site scripting (XSS) vulnerabilities.

Recommendations For CodeProjects Health Care hospital Management System version 1.0, consider restricting access to the Staff Info page until a patch is available. As a temporary workaround, avoid using the fname and lname parameters in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.