CVE-2024-10807

LOW

Anujkumar Hospital Management System - XSS

Title source: rule

Description

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Permissions Required] https://vuldb.com/?ctiid.283031

[Third Party Advisory] https://vuldb.com/?id.283031

[Third Party Advisory] https://vuldb.com/?submit.436551

[Exploit, Third Party Advisory] https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md

View Exploit ZIP pw:eip

[Product] https://phpgurukul.com/

Scores

CVSS v3 2.4

EPSS 0.0011

EPSS Percentile 29.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-74 CWE-79 CWE-707

Status published

Affected Products (1)

anujkumar/hospital_management_system

Timeline

Published Nov 05, 2024

Tracked Since Feb 18, 2026