PT-2024-31929 · Unknown · Phpgurukul Hospital Management System

Anoncoder01

Published

2024-10-21

Updated

2024-10-23

CVE-2024-46238

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions PHPGurukul Hospital Management System version 4.0

Description The issue concerns multiple Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities exist in the PHPGurukul Hospital Management System via the docname parameter in "/admin/add-doctor.php" and "/admin/edit-doctor.php" API endpoints.

Recommendations For PHPGurukul Hospital Management System version 4.0, consider disabling the docname parameter in the affected API endpoints until a patch is available. Restrict access to "/admin/add-doctor.php" and "/admin/edit-doctor.php" to minimize the risk of exploitation. Avoid using the docname parameter in these endpoints until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-46238

Affected Products

Phpgurukul Hospital Management System

PT-2024-31929 · Unknown · Phpgurukul Hospital Management System

CVE-2024-46238

Weakness Enumeration

Related Identifiers

Affected Products

References · 5