CVE-2023-6297

Summary

CVE-2023-6297 is a newly disclosed vulnerability affecting the PHPGurukul Nipah Virus Testing Management System 1.0. In the Search Report Page component, specifically the patient-search-report.php file, a cross-site scripting (XSS) issue has been identified. By manipulating the Search By Patient Name argument with <script>alert(document.cookie)</script>, attackers can execute malicious scripts in the context of the affected user. This vulnerability can be exploited remotely, making it a significant security concern. The exploit for this issue has been made public, increasing the risk of attacks. The associated identifier for this vulnerability is VDB-246123.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.