Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting

A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was shared 03/07/2024 by srivishnu. The advisory is shared for download at drive.google.com. This vulnerability is traded as CVE-2024-2275. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as proof-of-concept. The exploit is shared for download at drive.google.com. As 0-day the estimated underground price was around $0-$5k. The vendor was contacted early about this disclosure but did not respond in any way. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field03/09/2024 17:5704/05/2024 16:5604/05/2024 17:04
vendorBdtaskBdtaskBdtask
nameG-Prescription Gynaecology & OBS Consultation SoftwareG-Prescription Gynaecology & OBS Consultation SoftwareG-Prescription Gynaecology & OBS Consultation Software
version1.01.01.0
componentOBS Patient/Gynee PrescriptionOBS Patient/Gynee PrescriptionOBS Patient/Gynee Prescription
argumentPatient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template NamePatient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template NamePatient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
urlhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdkhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdkhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk
availability111
publicity111
urlhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdkhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdkhttps://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk
cveCVE-2024-2275CVE-2024-2275CVE-2024-2275
responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
date1709766000 (03/07/2024)1709766000 (03/07/2024)1709766000 (03/07/2024)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore3.33.33.3
cvss2_vuldb_tempscore2.82.82.8
cvss3_vuldb_basescore2.42.42.4
cvss3_vuldb_tempscore2.22.22.2
cvss3_meta_basescore2.42.42.4
cvss3_meta_tempscore2.22.22.3
price_0day$0-$5k$0-$5k$0-$5k
person_nicknamesrivishnusrivishnusrivishnu
cve_assigned1709766000 (03/07/2024)1709766000 (03/07/2024)
cve_nvd_summaryA vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_prHH
cvss4_vuldb_vcNN
cvss4_vuldb_viLL
cvss4_vuldb_vaNN
cvss4_vuldb_ePP
cvss4_vuldb_atNN
cvss4_vuldb_uiNN
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss4_vuldb_bscore5.15.1
cvss4_vuldb_btscore2.02.0
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auM
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prH
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore3.3
cvss3_cna_basescore2.4

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!