Cross-Site Scripting Vulnerability in Campcodes Hospital Management System
CVE-2025-9746
Key Information:
- Vendor
Campcodes
- Vendor
- CVE Published:
- 31 August 2025
Badges
What is CVE-2025-9746?
A vulnerability has been identified in the Campcodes Hospital Management System 1.0 affecting the Edit Doctor Specialization Page. The flaw resides in the file /admin/edit-doctor-specialization.php, allowing attackers to execute malicious scripts in users' browsers via cross-site scripting (XSS). This vulnerability can be exploited remotely, potentially leading to unauthorized actions or data theft. The exploit is publicly available, making it essential for users to take immediate action to mitigate risks.
Affected Version(s)
Hospital Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved