CVE-2025-45805

High CVSS: 7.6

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

Vendor

Phpgurukul

Product

Doctor Appointment Management System

CWE

CWE-79

Yayın Tarihi

2025-09-03 18:15:34

Güncelleme

2025-12-16 17:16:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Doctor Appointment Management System HIGH Phpgurukul 2025

Referanslar

https://github.com/mhsinj/CVE-2025-45805 https://github.com/mohammed-alsaqqaf/CVE-2025-45805 https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql

Benzer Kayıtlar

Medium

CVE-2024-51226

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51225

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Man…

Medium

CVE-2024-51224

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51223

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2024-51222

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2026-3403

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown process…