In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.
History

Thu, 04 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Phpgurukul
Phpgurukul doctor Appointment Management System
Vendors & Products Phpgurukul
Phpgurukul doctor Appointment Management System

Wed, 03 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-03T18:35:40.522Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-45805

cve-icon Vulnrichment

Updated: 2025-09-03T18:34:55.608Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-03T18:15:34.910

Modified: 2025-09-04T15:35:29.497

Link: CVE-2025-45805

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-04T13:12:18Z