PT-2025-35434 · Unknown · Campcodes Online Hospital Management System
Yashh2
·
Published
2025-09-01
·
Updated
2025-09-01
·
CVE-2025-9753
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Campcodes Online Hospital Management System version 1.0
Description
A cross-site scripting issue exists in the Patient Search Module, specifically within the
/admin/patient-search.php file. Manipulation of the Search by Name Mobile No argument can trigger the issue. The attack can be initiated remotely. The exploit is publicly available.Recommendations
As a temporary workaround, consider restricting access to the
/admin/patient-search.php file until a fix is available.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Online Hospital Management System