PT-2025-26538 · Unknown · Codeastro Patient Record Management System
Subhash Paudel +1 · Published 2025-06-22 · Updated 2025-06-27
CVE-2025-6452
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
CodeAstro Patient Record Management System version 1.0
Description:
A vulnerability was found in the CodeAstro Patient Record Management System. It affects unspecified processing in the Generate New Report Page component. Manipulation of the Patient Name/Name argument leads to cross-site scripting. The attack may be initiated remotely.
Recommendations:
For CodeAstro Patient Record Management System version 1.0, consider restricting access to the Generate New Report Page until a fix is available. As a temporary workaround, avoid using the Patient Name/Name argument in the affected component to minimize the risk of exploitation.
Exploit
Fix
XSS
Code Injection
Related Identifiers
Affected Products
Codeastro Patient Record Management System