CVE-2021-38756
https://notcve.org/view.php?id=CVE-2021-38756
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. • https://github.com/kishan0725/Hospital-Management-System/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38755
https://notcve.org/view.php?id=CVE-2021-38755
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. • https://github.com/kishan0725/Hospital-Management-System/issues/5 • CWE-862: Missing Authorization
CVE-2021-38754
https://notcve.org/view.php?id=CVE-2021-38754
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. • https://github.com/kishan0725/Hospital-Management-System/issues/7 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38754 https://streamable.com/y9qy4m • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17393
https://notcve.org/view.php?id=CVE-2018-17393
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php. • https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/46148 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')