CVE-2021-36352

MEDIUM

Care2x Hospital Information Management 2.7 Alpha - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-36352. PoCs published by securityforeveryone.com.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Care2x Hospital Information Management 2.7 Alpha. It details vulnerable parameters and a payload example but does not include executable exploit code.

Description

Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.

Exploits (1)

exploitdb WRITEUP
by securityforeveryone.com · textwebappsphp
https://www.exploit-db.com/exploits/50197

This is a writeup describing a stored XSS vulnerability in Care2x Hospital Information Management 2.7 Alpha. It details vulnerable parameters and a payload example but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Care2x Open Source Hospital Information Management <= 2.7 Alpha
Auth required
Prerequisites: Access to the Care2x panel · Valid credentials to submit the malicious payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50197

Scores

CVSS v3 5.4
EPSS 0.0065
EPSS Percentile 46.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
care2x/hospital_information_management 2.7 alpha
Published Aug 26, 2021
Tracked Since Feb 18, 2026