Lucene search
China National Vulnerability DatabaseCNVD-2022-72089HistoryOct 25, 2022 - 12:00 a.m.
Hospital Management System Cross-Site Scripting Vulnerability (CNVD-2022-72089)
2022-10-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
hospital management
cross-site scripting
vulnerability
sql injection
session cookies
healthcare information
EPSS
0.001
Percentile
24.8%
Hospital Management System (HMS) is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. hospital Management System v4.0 contains a cross-site scripting vulnerability that originates in the view-patient .php and view-medhistory.php files, several POST parameters are used directly in INSERT SQL queries without any type of escaping or cleanup, and an attacker can exploit this vulnerability to inject malicious Javascript into the database and steal session cookies from users and administrators.
Related
cvelist
cvelist
CVE-2022-42206
2022-10-21 00:00:00
nvd
nvd
CVE-2022-42206
2022-10-21 13:15:09
prion
prion
Cross site scripting
2022-10-21 13:15:00
cve
cve
CVE-2022-42206
2022-10-21 13:15:09