CVE-2020-25271 — Cross-site Scripting in Hospital Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Hospital Management System

Timeline

PublishedOct 8

Latest updateMay 24

Description

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/hospital_management_system4.0

🔴Vulnerability Details

GHSA

GHSA-2jrc-gh3g-pg7h: PHPGurukul hospital-management-system-in-php 4↗2022-05-24

▶

CVEList

CVE-2020-25271: PHPGurukul hospital-management-system-in-php 4↗2020-10-08

▶