exploitDog

CVE-2020-26628

Опубликовано: 10 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.

Ссылки

https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00235

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-c5j5-hp3j-jpgp

CVSS3: 6.1

github

около 2 лет назад

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.

EPSS

Процентиль: 46%

0.00235

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79