| Title | PHPGurukul Hospital-Management-System 4.0 Cross Site Scripting |
|---|
| Description | A critical Stored Cross-Site Scripting (XSS) vulnerability was discovered in the edit-patient.php file of PHPGurukul's Hospital Management System (v4.0).
Attackers can inject malicious JavaScript via the patname field (POST parameter), which gets persistently stored in the database and executed whenever the profile page is viewed. |
|---|
| Source | ⚠️ https://github.com/Ant1sec-ops/Hospital-management-Systemv4.0-Stored-XSS/blob/main/stored-xss-exploit.md |
|---|
| User | Subhash Paudel (UID 66830) |
|---|
| Submission | 06/02/2025 16:49 (1 Year ago) |
|---|
| Moderation | 06/03/2025 22:51 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 311046 [PHPGurukul Hospital Management System 4.0 POST Parameter edit-patient.php?editid=2 patname cross site scripting] |
|---|
| Points | 18 |
|---|