CVE-2024-56997

Name of the Vulnerable Software and Affected Versions PHPGurukul Hospital Management System version 4.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability in the /doctor/index.php file, where an attacker can inject malicious code via the Email parameter. This allows for potential code execution and unauthorized access.

Recommendations For PHPGurukul Hospital Management System version 4.0, as a temporary workaround, consider restricting access to the /doctor/index.php file or disabling the Email parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.