Your browser is unsupported

We recommend using the latest version of IE11, Edge, Chrome, Firefox or Safari.

Cross site scripting in Hospital Management System Gurukul v4.0

Multiple cross site scripting vulnerabilities are present in Hospital Management System version 4.0. The following :

file: hospital/hms/doctor/search.php
line: 72
HTTP parameter name:   searchdata

file: hospital/hms/admin/patient-search.php",
line: 72,
HTTP parameter name: searchdata
file: hospital/hms/admin/betweendates-detailsreports.php",
line:  57,
HTTP parmeter name: fromdate

file: hospital/hms/admin/betweendates-detailsreports.php",
line: 58,
HTTP parameter name: todate

Above vulnerabilities are published at CVE-2021-39411

This vulnerability was detected as part of the DARPA CHESS program