PT-2025-35435 · Campcodes · Campcodes Online Hospital Management System
Yashh2
·
Published
2025-09-01
·
Updated
2025-09-01
·
CVE-2025-9754
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Campcodes Online Hospital Management System version 1.0
Description
A flaw has been found that allows for cross-site scripting (XSS). The issue is located in an unknown function within the
/edit-profile.php file of the Edit Profile Page component. Manipulation of the Username argument can trigger the vulnerability, and the attack can be launched remotely. The exploit has been published.Recommendations
As a temporary workaround, consider restricting access to the
/edit-profile.php file until a patch is available.
Sanitize the Username input to prevent the injection of malicious scripts.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Campcodes Online Hospital Management System