| Titel | PHPGurukul Hospital-Management-System 4.0 Cross Site Scripting |
|---|
| Beschreibung | A critical Stored Cross-Site Scripting (XSS) vulnerability was discovered in the edit-patient.php file of PHPGurukul's Hospital Management System (v4.0).
Attackers can inject malicious JavaScript via the patname field (POST parameter), which gets persistently stored in the database and executed whenever the profile page is viewed. |
|---|
| Quelle | ⚠️ https://github.com/Ant1sec-ops/Hospital-management-Systemv4.0-Stored-XSS/blob/main/stored-xss-exploit.md |
|---|
| Benutzer | Subhash Paudel (UID 66830) |
|---|
| Einreichung | 02.06.2025 16:49 (vor 1 Jahr) |
|---|
| Moderieren | 03.06.2025 22:51 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 311046 [PHPGurukul Hospital Management System 4.0 POST Parameter edit-patient.php?editid=2 patname Cross Site Scripting] |
|---|
| Punkte | 18 |
|---|