CVE-2024-56998

Name of the Vulnerable Software and Affected Versions PHPGurukul Hospital Management System version 4.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability in the /edit-profile.php file, specifically via the address parameter. This allows an attacker to inject malicious scripts, potentially compromising user data.

Recommendations For PHPGurukul Hospital Management System version 4.0, consider disabling the /edit-profile.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the address parameter in the /edit-profile.php file to minimize the risk of exploitation.