CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25271
https://notcve.org/view.php?id=CVE-2020-25271
08 Oct 2020 — PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. PHPGurukul hospital-management-system-in-php versión 4.0, permite un ataque de tipo XSS por medio del archivo admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, o admin/appointment-history.php • https://github.com/Ko-kn3t/CVE-2020-25271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-5193 – Hospital Management System 4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-5193
13 Jan 2020 — PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. PHPGurukul Hospital Management System en PHP versión v4.0 sufre de múltiples vulnerabilidades de tipo XSS reflejado por medio de los datos del parámetro searchdata o Doctorspecialization. Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/155929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 1CVE-2020-5191 – Hospital Management System 4.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-5191
06 Jan 2020 — PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. PHPGurukul Hospital Management System en PHP versión v4.0, sufre de múltiples vulnerabilidades de tipo XSS persistentes. • https://www.exploit-db.com/exploits/47841 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 32%CPEs: 1EXPL: 1CVE-2020-5192 – Hospital Management System 4.0 - 'searchdata' SQL Injection
https://notcve.org/view.php?id=CVE-2020-5192
06 Jan 2020 — PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised. PHPGurukul Hospital Management System en PHP versión v4.0 sufre de múltiples vulnerabilidades de inyección SQL: múltiples páginas y parámetros no comprueban la entrada del usuario y permiten que la base de datos y la información de la aplicación estén completamente ... • https://www.exploit-db.com/exploits/47840 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •