CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11678 – CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11678
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. • https://codeastro.com https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://vuldb.com/?ctiid.286018 https://vuldb.com/?id.286018 https://vuldb.com/?submit.448789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11677 – CodeAstro Hospital Management System Add Vendor Details Page his_admin_add_vendor.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11677
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. • https://codeastro.com https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://vuldb.com/?ctiid.286017 https://vuldb.com/?id.286017 https://www.youtube.com/watch?v=UsScmd8Xzuw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-52899 – IBM Data Virtualization Manager code execution
https://notcve.org/view.php?id=CVE-2024-52899
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. IBM Data Virtualization Manager para z/OS 1.1 y 1.2 podría permitir que un usuario autenticado inyecte parámetros de URL JDBC maliciosos y ejecute código en el servidor. • https://www.ibm.com/support/pages/node/7177091 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11676 – CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11676
A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://vuldb.com/?ctiid.286016 https://vuldb.com/?id.286016 https://www.youtube.com/watch?v=UsScmd8Xzuw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11675 – CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11675
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com https://github.com/EmilGallajov/zero-day/blob/main/codeastro_hms_stored_xss.md https://vuldb.com/?ctiid.286015 https://vuldb.com/?id.286015 https://www.youtube.com/watch?v=UsScmd8Xzuw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •