JavaScript Injection Vulnerability in Doctor Appointment Management System by phpgurukul
CVE-2025-45805

7.6 HIGH

Key Information:

Vendor: phpgurukul
CVE Published: 3 September 2025

What is CVE-2025-45805?

Doctor Appointment Management System version 1.0 by phpgurukul contains a flaw that lets an authenticated doctor user inject arbitrary JavaScript into their profile name. The name is rendered without appropriate sanitization, so the injected code executes when other users interact with the system and select that doctor for booking. This can lead to security breaches and compromise of user data.

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
