CVE-2020-25271

MEDIUM

PHPGurukul hospital_management_system 4.0 - Cross-Site Scripting via Multiple Search and Appointment Pages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25271. PoCs published by Ko-kn3t.

AI-analyzed exploit summary This repository contains a detailed writeup describing a stored XSS vulnerability in PHPGurukul's Hospital Management System v4.0. The vulnerability allows an attacker to inject malicious scripts via patient account creation, affecting multiple dashboard pages across admin, doctor, and patient modules.

Description

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

Exploits (1)

nomisec WRITEUP

by Ko-kn3t · poc

https://github.com/Ko-kn3t/CVE-2020-25271

View Code ZIP pw:eip

This repository contains a detailed writeup describing a stored XSS vulnerability in PHPGurukul's Hospital Management System v4.0. The vulnerability allows an attacker to inject malicious scripts via patient account creation, affecting multiple dashboard pages across admin, doctor, and patient modules.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHPGurukul hospital-management-system-in-php v4.0

Auth required

Prerequisites: Access to create a patient account · Valid login credentials for admin/doctor roles

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product x_refsource_misc

https://phpgurukul.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Ko-kn3t/CVE-2020-25271

Scores

CVSS v3 5.4

EPSS 0.0061

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/hospital_management_system 4.0

Published Oct 08, 2020

Tracked Since Feb 18, 2026