CVE-2024-11676 | CodeAstro Hospital Management System 1.0 Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting

Posted by Angelo Barbosa | Nov 25, 2024 | CVE

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting.

This vulnerability is handled as CVE-2024-11676. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-11676 | CodeAstro Hospital Management System 1.0 Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting

Related Posts

CVE-2024-34675 | Samsung Mobile Devices Dex Mode access control

CVE-2024-4708 | mySCADA myPRO 7/8.20.0/8.26/8.27.0/8.29.0 hard-coded password (icsa-24-184-02)

CVE-2024-9607 | 10Web Social Post Feed Plugin up to 1.2.9 on WordPress cross site scripting

CVE-2024-1400 | Mollie Forms Plugin up to 2.6.3 on WordPress Post authorization