Cross-Site Scripting Risk in Clinic's Patient Management System by Oret Nom
CVE-2022-35117

4.8MEDIUM

Key Information:

Vendor

Clinic\'s Patient Management System Project

Status
Clinic\'s Patient Management System
Vendor
CVE Published:
17 August 2022

What is CVE-2022-35117?

A cross-site scripting vulnerability has been identified in the Version 1.0 of Clinic's Patient Management System. The issue arises in the 'update_medicine_details.php' file, specifically within the Packing text box found in the Update Medical Details module. This flaw enables attackers to inject arbitrary web scripts or HTML into the application by crafting a malicious payload, potentially allowing unauthorized actions or data manipulation that could compromise the integrity of the system and its users.

References

https://github.com/zhangzhaoyuela/bug_report/blob/main/ve...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-35117 : Cross-Site Scripting Risk in Clinic's Patient Management System by Oret Nom