CVE-2025-9754 — Cross-site Scripting in Online Hospital Management System

CWE-79 — Cross-site Scripting CWE-94 — Code Injection3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 91.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Campcodes Online Hospital Management System

Timeline

PublishedSep 1

Latest updateSep 4

Description

A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5campcodes/online_hospital_management_system1.0

▶NVDcampcodes/online_hospital_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-mrgp-vm5q-f626: A flaw has been found in Campcodes Online Hospital Management System 1↗2025-09-04

▶

CVEList

Campcodes Online Hospital Management System Edit Profile edit-profile.php cross site scripting↗2025-09-01

▶