CVE-2021-36352

Опубликовано: 26 авг. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.

Ссылки

https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36352
Third Party Advisory
https://www.exploit-db.com/exploits/50197
Exploit
Third Party Advisory
VDB Entry
https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36352
Third Party Advisory
https://www.exploit-db.com/exploits/50197
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:care2x:hospital_information_management:2.7:alpha:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00175

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vp28-h326-q553

github

больше 3 лет назад