CVE-2024-11677 | CodeAstro Hospital Management System 1.0 Add Vendor Details Page his_admin_add_vendor.php v_name/v_adr/v_number/v_email/v_phone/v_desc cross site scripting

Inserito da Angelo Barbosa | Nov 25, 2024 | CVE

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-11677. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-11677 | CodeAstro Hospital Management System 1.0 Add Vendor Details Page his_admin_add_vendor.php v_name/v_adr/v_number/v_email/v_phone/v_desc cross site scripting

Post correlati

CVE-2023-43303 | Craftbeer Bar Canvas mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization

CVE-2024-1538 | File Manager Plugin up to 7.2.4 on WordPress JS File cross-site request forgery

CVE-2024-43491 | Microsoft Windows 10 Update use after free