Vulnerabilities > Phpgurukul > Hospital Management System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-46237 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | 5.4 |
| 2024-01-10 | CVE-2020-26627 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | 4.9 |
| 2024-01-10 | CVE-2020-26628 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile. | 6.1 |
| 2024-01-10 | CVE-2020-26630 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | 4.9 |
| 2024-01-07 | CVE-2024-0286 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 1.0 A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. | 6.1 |
| 2023-12-30 | CVE-2023-7173 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 1.0 A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. | 5.4 |
| 2022-10-28 | CVE-2021-35388 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | 5.4 |
| 2022-10-21 | CVE-2022-42205 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | 5.4 |
| 2022-10-21 | CVE-2022-42206 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | 5.4 |
| 2021-11-05 | CVE-2021-39411 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 6.1 |