Lucene search

[email protected]NVD:CVE-2024-37803

HistoryJun 18, 2024 - 5:15 p.m.

CVE-2024-37803

2024-06-1817:15:52

CWE-79

[email protected]

web.nvd.nist.gov

security

xss

codeprojects

health care

management system

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.4%

JSON

Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page.

Affected configurations

Nvd

Node

health_care_hospital_management_system_projecthealth_care_hospital_management_systemMatch1.0

VendorProductVersionCPE
health_care_hospital_management_system_projecthealth_care_hospital_management_system1.0cpe:2.3:a:health_care_hospital_management_system_project:health_care_hospital_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
health_care_hospital_management_system_project	health_care_hospital_management_system	1.0	cpe:2.3:a:health_care_hospital_management_system_project:health_care_hospital_management_system:1.0:::::::*

References

code-projects.org/health-care-hospital-in-php-css-js-and-mysql-free-download/

github.com/himanshubindra/CVEs/blob/main/CVE-2024-37803