ГлавнаяУязвимости → CVE-2025-45805
7.6высокая

CVE-2025-45805

Описание

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

Затрагиваемое ПО
Phpgurukul Doctor appointment management system
CVSS
Балл7.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Источники
https://github.com/mhsinj/CVE-2025-45805https://github.com/mohammed-alsaqqaf/CVE-2025-45805https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql