PT-2025-35815 · Phpgurukul · Doctor Appointment Management System

Ayman Al-Hakimi +2 · Published 2025-09-03 · Updated 2025-09-03 · CVE-2025-45805

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions
phpgurukul Doctor Appointment Management System version 1.0

Description
An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the website and selects the doctor to book an appointment.

Recommendations
As a temporary workaround, consider restricting the characters allowed in the doctor's profile name field to prevent JavaScript code injection.
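
The workaround above covers input only. The following sketch, an added example that is not the vendor's code, pairs that allowlist with HTML encoding at the point where the name is rendered to visitors. The function names, the permitted character set, the length limit and the `<option>` markup are assumptions, not details from the application.

```php
<?php
declare(strict_types=1);

/**
 * Input side (hypothetical helper): accept a doctor's profile name only if it
 * consists of letters, combining marks, spaces, periods, apostrophes and
 * hyphens, 2 to 80 characters long. Returns the trimmed name, or null.
 */
function validate_doctor_name(string $raw): ?string
{
    $name = trim($raw);
    // /u rejects invalid UTF-8 (preg_match returns false); /D stops "$"
    // from matching before a trailing newline.
    $pattern = '/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{1,79}$/uD';
    return preg_match($pattern, $name) === 1 ? $name : null;
}

/**
 * Output side (hypothetical helper): encode the stored name for an HTML
 * context every time it is rendered, so values saved before the allowlist
 * existed cannot be interpreted as markup.
 */
function render_doctor_option(int $id, string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return sprintf('<option value="%d">%s</option>', $id, $safe);
}

// Constructed sample inputs: one ordinary name, two containing markup characters.
$samples = [
    "Dr. Anna O'Neil-Smith",
    'Dr. <b>Test</b>',
    'Test" data-x="1',
];

foreach ($samples as $i => $input) {
    $verdict = validate_doctor_name($input) === null ? 'rejected' : 'accepted';
    printf("input %d: %s\n", $i + 1, $verdict);
    // Rendering is shown for every sample to model rows already in the database.
    echo '  ', render_doctor_option($i + 1, $input), "\n";
}
```

Encoding on output is what protects visitors from names stored before the input restriction was deployed; the allowlist alone leaves those rows untouched.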

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-45805

Affected Products: Doctor Appointment Management System