A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
History

Wed, 04 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Hospital Management System Project
Hospital Management System Project hospital Management System
CPEs cpe:2.3:a:hospital_management_system_project:hospital_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Hospital Management System Project
Hospital Management System Project hospital Management System

Tue, 26 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Codeastro
Codeastro hospital Management System
CPEs cpe:2.3:a:codeastro:hospital_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Codeastro
Codeastro hospital Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 00:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-26T00:31:04.233Z

Updated: 2024-11-26T15:33:07.591Z

Reserved: 2024-11-25T14:44:54.532Z

Link: CVE-2024-11676

cve-icon Vulnrichment

Updated: 2024-11-26T15:33:02.209Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-26T01:15:06.683

Modified: 2024-12-04T20:19:52.030

Link: CVE-2024-11676

cve-icon Redhat

No data.