CVE Details
Basic Information
| Title | PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-04T10:00:20.873Z |
| Last Seen | |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Hospital Management System |
| Version | 4.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability in PHPGurukul Hospital Management System 4.0 allows remote attackers to inject scripts via the ‘patname’ parameter in the POST parameter handler of edit-patient.php. This could enable unauthorized actions or data theft. |
|---|---|
| AI Severity | Medium |
| Vendor | PHPGurukul |
| Product | Hospital Management System |
| Affected Version | 4.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family | |
| Source Data | PHPGurukul Hospital Management System 4.0 |
Source Information
| Source Data | PHPGurukul Hospital Management System 4.0 |
|---|---|
| Source Link | |
Description
A vulnerability was found in PHPGurukul Hospital Management System 4.0 and has been classified as problematic. It affects an unknown function of the file /doctor/edit-patient.php?editid=2 in the POST Parameter Handler component. Manipulating the argument patname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 4.8 (MEDIUM)