Campcodes Online Hospital Management System Edit Profile edit-profile.php cross site...

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.

Basic Information

ID CVE-2025-9754

Source VulDB

Published Sep 1, 2025 at 01:02

Affected Product

Vendor Campcodes

Product Online Hospital Management System

Version 1.0

Affected Versions Campcodes Online Hospital Management System 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.",
    "published": "2025-09-01T01:02:07.624Z",
    "modified": "2025-09-01T01:02:07.624Z",
    "type": "cve",
    "title": "Campcodes Online Hospital Management System Edit Profile edit-profile.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322055\nhttps://vuldb.com/?ctiid.322055\nhttps://vuldb.com/?submit.640616\nhttps://github.com/Yashh-G/zero-day-research/blob/main/HMS_Stored_XSS_In_UserName_Field.pdf\nhttps://www.campcodes.com/",
    "id": "CVE-2025-9754",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Campcodes Online Hospital Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Online Hospital Management System",
    "version": "1.0",
    "vendor": "Campcodes",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Campcodes Online Hospital Management System Edit Profile edit-profile.php cross site scripting_CVE-2025-9754