CVE-2025-45805 — Cross-site Scripting in Doctor Appointment Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.6HIGHNVD

EPSS

0.0%

top 97.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Doctor Appointment Management System

Timeline

PublishedSep 3

Latest updateSep 8

Description

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

▶NVDphpgurukul/doctor_appointment_management_system1.0.0

🔴Vulnerability Details

GHSA

GHSA-gmfc-6cfw-wmrf: In phpgurukul Doctor Appointment Management System 1↗2025-09-08

▶

CVEList

CVE-2025-45805: In phpgurukul Doctor Appointment Management System 1↗2025-09-03

▶