Description
A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The billing.php script of itsourcecode Hospital Management System improperly handles the patientid argument: unsanitized user input is reflected back to the browser, which allows an attacker to insert arbitrary JavaScript into the page. The description states that the attack can be initiated remotely and that the exploit has been disclosed publicly, indicating that attackers can easily construct malicious URLs.

Affected Systems

The affected product is itsourcecode Hospital Management System version 1.0, specifically the /billing.php endpoint. The vulnerability arises from unknown processing of the patientid argument in this file.

Risk and Exploitability

The CVSS score of 5.3 signals moderate severity. The EPSS score is below 1% and the issue is not listed in the CISA KEV catalog, but a remote attacker can deliver a malicious payload via a crafted patientid parameter, leading to cross-site scripting. The CVSS vectors recorded in the history for this entry mark user interaction as required (UI:R in v3.x, UI:P in v4.0).

Generated by OpenCVE AI on June 8, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of the Hospital Management System in which billing.php properly sanitizes the patientid input, once the vendor provides one.
  • If an update is not immediately possible, implement server‑side validation that ensures patientid contains only numeric characters, and apply output encoding such as htmlspecialchars before rendering data derived from this parameter.
  • Configure a robust Content Security Policy that restricts inline script execution, thereby limiting the impact of any remaining reflected XSS payloads.
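
A sketch of the second and third recommended actions, added here as an example; it is not code from the Hospital Management System or from OpenCVE. The source of billing.php is not shown on this page, so the function names, the rendered markup and the use of `$_GET` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handling of the `patientid` request parameter.
// The real billing.php source is not on this page; function names and
// the rendered markup below are assumptions for illustration only.

/** Return patientid as a positive integer, or null if it is not purely numeric. */
function parse_patient_id($raw): ?int
{
    // Rejects arrays (patientid[]=x), empty strings, signs, whitespace and markup.
    // The 9-digit limit keeps the cast inside a 32-bit integer on every platform.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_billing(array $query): string
{
    $id = parse_patient_id($query['patientid'] ?? null);
    if ($id === null) {
        http_response_code(400);
        // The rejected value is never echoed back, not even in the error text.
        return '<p>Invalid patient id.</p>';
    }
    // Encode on output too, so a later change to validation cannot reintroduce XSS.
    $safe = h((string) $id);
    return '<h2>Billing for patient ' . $safe . '</h2>'
         . '<input type="hidden" name="patientid" value="' . $safe . '">';
}

// Defence in depth: inline script is blocked, scripts load only from this origin.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
header('X-Content-Type-Options: nosniff');
header('Content-Type: text/html; charset=UTF-8');

// Assumption: patientid arrives in the query string.
echo render_billing($_GET);
```

The CSP shown only helps if the application's own pages do not depend on inline script or inline event handlers; those would need to move to external files first.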

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Title | | itsourcecode Hospital Management System billing.php cross site scripting
First Time appeared | | Itsourcecode; Itsourcecode hospital Management System
Weaknesses | | CWE-79; CWE-94
CPEs | | cpe:2.3:a:itsourcecode:hospital_management_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode hospital Management System
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T13:59:55.403Z

Reserved: 2026-06-07T15:49:59.558Z

Link: CVE-2026-11512

Vulnrichment

Updated: 2026-06-08T13:59:51.861Z

NVD

Status: Deferred

Published: 2026-06-08T13:16:32.197

Modified: 2026-06-08T14:57:14.757

Link: CVE-2026-11512

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T15:15:26Z

Weaknesses