CVE-2025-6613

A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/Vanshdhawan188/Stored-XSS-Hospital-Management/blob/main/Stored-XSS-Hospital-Management.md Exploit Third Party Advisory
https://phpgurukul.com/ Product
https://vuldb.com/?ctiid.313831 Permissions Required VDB Entry
https://vuldb.com/?id.313831 Third Party Advisory VDB Entry
https://vuldb.com/?submit.602005 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:anujk305:hospital_management_system:4.0:*:*:*:*:*:*:*

History

02 Jul 2025, 16:43

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-25 10:15

Updated : 2025-07-02 16:43


NVD link : CVE-2025-6613

Mitre link : CVE-2025-6613

CVE.ORG link : CVE-2025-6613


JSON object : View

Products Affected

anujk305

  • hospital_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')