Hospital Management System
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29410 | | Med | 0.40 | 6.1 | 0.00 | | Mar 20, 2025 | A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter. |
| CVE-2020-26628 | | Med | 0.40 | 6.1 | 0.01 | | Jan 10, 2024 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting… |
| CVE-2023-36939 | | Med | 0.40 | 6.1 | 0.01 | | Jul 10, 2023 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. |
| CVE-2021-38757 | | Med | 0.40 | 6.1 | 0.01 | | Aug 16, 2021 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. |
| CVE-2023-36375 | | Med | 0.35 | 5.4 | 0.01 | | Jul 10, 2023 | Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details… |
| CVE-2021-35388 | | Med | 0.35 | 5.4 | 0.00 | | Oct 28, 2022 | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. |
| CVE-2022-25409 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. |
| CVE-2022-25408 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. |
| CVE-2022-25407 | | Med | 0.35 | 5.4 | 0.00 | | Feb 28, 2022 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. |
| CVE-2021-38755 | | Med | 0.35 | 5.3 | 0.01 | | Aug 16, 2021 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php. |
| CVE-2020-26630 | | Med | 0.32 | 4.9 | 0.01 | | Jan 10, 2024 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. |
| CVE-2020-26627 | | Med | 0.32 | 4.9 | 0.01 | | Jan 10, 2024 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. |
| CVE-2023-36376 | | Med | 0.31 | 4.8 | 0.01 | | Jul 10, 2023 | Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. |
| CVE-2022-4013 | | Med | 0.28 | 4.3 | 0.00 | | Nov 16, 2022 | A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has… |
| CVE-2022-46498 | | Low | 0.18 | 2.7 | 0.00 | | Mar 7, 2024 | Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. |
| CVE-2023-41528 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. |
| CVE-2023-41527 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. |
| CVE-2023-40992 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. |
| CVE-2023-41525 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
| CVE-2023-41531 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. |