CVE-2025-9753Cross-site Scripting in Online Hospital Management System

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 89.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Campcodes Online Hospital Management System
Timeline
PublishedSep 1
Latest updateSep 4

Description

A vulnerability was detected in Campcodes Online Hospital Management System 1.0. The affected element is an unknown function of the file /admin/patient-search.php of the component Patient Search Module. Performing manipulation of the argument Search by Name Mobile No results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wq95-wwv5-8h5c: A vulnerability was detected in Campcodes Online Hospital Management System 12025-09-04
CVEList
Campcodes Online Hospital Management System Patient Search patient-search.php cross site scripting2025-09-01
CVE-2025-9753 — Cross-site Scripting | cvebase