CVE-2025-66918

Name of the Vulnerable Software and Affected Versions edoc-doctor-appointment-system version 1.0.1

Description The edoc-doctor-appointment-system software is affected by a Cross Site Scripting (XSS) issue. This issue occurs in the 'admin/add-session.php' component through the title parameter. Successful exploitation could allow an attacker to inject malicious scripts into the web page.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the title parameter in the 'admin/add-session.php' component to prevent the injection of malicious scripts.