CVE-2024-10807

LOW

Anujkumar Hospital Management System - XSS

Title source: rule

Description

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Third Party Advisory] https://vuldb.com/?id.283031

[Permissions Required] https://vuldb.com/?ctiid.283031

[Third Party Advisory] https://vuldb.com/?submit.436551

[Exploit, Third Party Advisory] https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Hospital%20Management%20System%20(HMS)%204.0%20-%20(search.php).md

View Exploit ZIP pw:eip

[Product] https://phpgurukul.com/

Scores

CVSS v3 2.4

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-79 CWE-707

Status published

Products (1)

anujkumar/hospital_management_system 4.0

Published Nov 05, 2024

Tracked Since Feb 18, 2026