CVE-2024-56990

Name of the Vulnerable Software and Affected Versions PHPGurukul Hospital Management System version 4.0

Description The issue concerns Cross Site Scripting (XSS) in specific API endpoints, namely "/view-medhistory.php" and "/admin/view-patient.php". This allows for potential malicious script injection and execution.

Recommendations For PHPGurukul Hospital Management System version 4.0, consider disabling access to the "/view-medhistory.php" and "/admin/view-patient.php" endpoints until a patch is available. Restrict input validation for these endpoints to minimize the risk of XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.