Platform
php
Component
cves-and-vulnerabilities
Fixed in
1.0.1
CVE-2024-11102 describes a cross-site scripting (XSS) vulnerability discovered in SourceCodester Hospital Management System version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and system integrity. The vulnerability impacts the /vm/doctor/edit-doc.php file and is addressed in version 1.0.1.
Successful exploitation of CVE-2024-11102 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the application's interface. An attacker could potentially steal sensitive patient data or gain unauthorized access to administrative functions within the Hospital Management System. The impact is amplified if the system is used in a multi-user environment, as a single compromised account could be used to target other users.
CVE-2024-11102 has been publicly disclosed, increasing the risk of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive data warrant immediate attention. No active exploitation campaigns are currently known, but the availability of the vulnerability details makes it a potential target for opportunistic attackers. The vulnerability was published on 2024-11-12.
Exploit Status
EPSS
0.18% (40% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-11102 is to upgrade to version 1.0.1 of SourceCodester Hospital Management System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /vm/doctor/edit-doc.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide a temporary layer of protection. Regularly review and update security policies to prevent similar vulnerabilities in the future.
Actualice el sistema Hospital Management System a una versión parcheada que solucione la vulnerabilidad XSS. Si no hay una versión disponible, revise y filtre las entradas del parámetro 'name' en el archivo edit-doc.php para evitar la inyección de código malicioso. Considere deshabilitar temporalmente la funcionalidad afectada hasta que se pueda aplicar una solución.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-11102 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Hospital Management System version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using SourceCodester Hospital Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the /vm/doctor/edit-doc.php file.
While no active exploitation campaigns are currently known, the public disclosure of the vulnerability increases the risk of exploitation.
Refer to the SourceCodester website or their official communication channels for the advisory related to CVE-2024-11102.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.