CVE-2024-10806

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 707

CWE ID 79

CWE ID 74

Summary

CVE-2024-10806 is a newly disclosed vulnerability affecting the PHPGurukul Hospital Management System version 4.0. This issue lies within the code of the betweendates-detailsreports.php file, which can be exploited through manipulation of the fromdate/todate argument. The vulnerability triggers cross-site scripting (XSS), allowing remote attackers to inject malicious code and potentially gain unauthorized access. The exploit for this vulnerability has been made public, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0MydqI
https://www.cve.org/CVERecord?id=CVE-2024-10806
https://nvd.nist.gov/vuln/detail/CVE-2024-10806

Back to Vulnerability Database

CVE-2024-10806

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations