exploitDog

CVE-2025-45805

Опубликовано: 03 сент. 2025

Источник: nvd

CVSS3: 7.6

EPSS Низкий

Описание

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

Ссылки

https://github.com/mhsinj/CVE-2025-45805
Third Party Advisory
https://github.com/mohammed-alsaqqaf/CVE-2025-45805
https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:doctor_appointment_management_system:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00008

Низкий

7.6 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gmfc-6cfw-wmrf

CVSS3: 7.6

github

5 месяцев назад

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

EPSS

Процентиль: 1%

0.00008

Низкий

7.6 High

CVSS3

Дефекты

CWE-79

Уязвимость CVE-2025-45805