Cross site scripting in Hospital Management System Gurukul v4.0

Multiple cross site scripting vulnerabilities are present in Hospital Management System version 4.0. The following :

file: hospital/hms/doctor/search.php
line: 72
HTTP parameter name:   searchdata

file: hospital/hms/admin/patient-search.php",
line: 72,
HTTP parameter name: searchdata
file: hospital/hms/admin/betweendates-detailsreports.php",
line:  57,
HTTP parmeter name: fromdate

file: hospital/hms/admin/betweendates-detailsreports.php",
line: 58,
HTTP parameter name: todate

Above vulnerabilities are published at CVE-2021-39411

This vulnerability was detected as part of the DARPA CHESS program