PT-2024-31930 · Unknown · Phpgurukul Hospital Management System

Anoncoder01 · Published 2024-10-21 · Updated 2024-10-23 · CVE-2024-46239

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

PHPGurukul Hospital Management System version 4.0

Description

The issue concerns cross-site scripting vulnerabilities in the PHPGurukul Hospital Management System. These vulnerabilities exist via the docname parameter in "/doctor/edit-profile.php" and the adminremark parameter in "/admin/query-details.php".

Recommendations

For PHPGurukul Hospital Management System version 4.0, consider disabling the docname and adminremark parameters in the respective API endpoints until a patch is available. Restrict access to the "/doctor/edit-profile.php" and "/admin/query-details.php" endpoints to minimize the risk of exploitation. Avoid using the docname and adminremark parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-46239

Affected Products

Phpgurukul Hospital Management System