Low severity2.4NVD Advisory· Published Aug 31, 2025· Updated Apr 29, 2026

CVE-2025-9746

Description

A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

Affected products

Campcodes/Hospital Management System
cpe:2.3:a:campcodes:hospital_management_system:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
www.campcodes.comnvdThird Party AdvisoryVDB Entry
github.com/Yashh-G/zero-day-research/blob/main/HMS_Stored_Cross-site_Scripting.docxnvdNot Applicable
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.156
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000