CVE-2025-9746Cross-site Scripting in Hospital Management System

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 93.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Campcodes Hospital Management System
Timeline
PublishedAug 31
Latest updateSep 4

Description

A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3g4x-5jfv-pg4g: A vulnerability was detected in Campcodes Hospital Management System 12025-09-04
CVEList
Campcodes Hospital Management System Edit Doctor Specialization edit-doctor-specialization.php cross site scripting2025-08-31
CVE-2025-9746 — Cross-site Scripting | cvebase