CVE-2025-41003

Name of the Vulnerable Software and Affected Versions Imaster Patient Record Management System (affected versions not specified)

Description The software contains a stored Cross-Site Scripting (XSS) issue in the /projects/hospital/admin/edit patient.php endpoint. An attacker can inject a malicious script into the firstname parameter. This injected JavaScript code is then stored and executed whenever a user accesses the patient list, potentially allowing the attacker to execute arbitrary JavaScript in a victim’s browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.