Unrated severity · NVD Advisory · Published Nov 30, 2023 · Updated Feb 6, 2026
Cross-site Scripting vulnerability in BigProf products
CVE-2023-6425
Description
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
Affected products (2)
- Range: = 2.2
- BigProf/Online Clinic Management System · v5 · Range: 2.2