Cross-Site Scripting Vulnerability in Doctor Appointment Management System by phpgurukul
CVE-2022-46128

6.1MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Doctor Appointment Management System
Vendor: CVE Published:; 26 January 2023

What is CVE-2022-46128?

The Doctor Appointment Management System by phpgurukul is susceptible to Cross-Site Scripting (XSS) attacks through variables passed in the search data. This vulnerability enables an attacker to inject malicious scripts, potentially compromising user data and session cookies. Proper input validation and sanitization measures should be implemented to mitigate risks associated with this security flaw.

References

https://phpgurukul.com/projects/Doctor-Appointment-System...

https://github.com/Rajeshwar40/CVE/blob/main/2022-46128

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Nov 28, 2022

PHPgurukul

What is CVE-2022-46128?

References

CVSS V3.1

Timeline