LOW · CVE-2024-11102 · CVSS 3.5

SourceCodester Hospital Management System edit-doc.php cross site scripting


Platform

php

Component

cves-and-vulnerabilities

Fixed version

1.0.1

AI Confidence: high · NVD · EPSS 0.2% · Reviewed: May 2026

CVE-2024-11102 describes a cross-site scripting (XSS) vulnerability discovered in SourceCodester Hospital Management System version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and system integrity. The vulnerability impacts the /vm/doctor/edit-doc.php file and is addressed in version 1.0.1.

Impact and attack scenarios

Successful exploitation of CVE-2024-11102 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the application's interface. An attacker could potentially steal sensitive patient data or gain unauthorized access to administrative functions within the Hospital Management System. The impact is amplified if the system is used in a multi-user environment, as a single compromised account could be used to target other users.

Exploitation context

CVE-2024-11102 has been publicly disclosed, increasing the risk of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive data warrant immediate attention. No active exploitation campaigns are currently known, but the availability of the vulnerability details makes it a potential target for opportunistic attackers. The vulnerability was published on 2024-11-12.

Who is at risk

Healthcare providers and organizations utilizing SourceCodester Hospital Management System version 1.0 are at risk. This includes small clinics, private practices, and hospitals relying on this system for patient data management. Shared hosting environments where multiple users share the same server instance are particularly vulnerable, as a compromise of one user's account could potentially impact others.

Detection steps

• php: Examine the /vm/doctor/edit-doc.php file for unsanitized user input. Search for instances where data from the name parameter is directly output to the page without proper encoding.

<?php
// Example of vulnerable code: the name parameter is reflected into the page
// without output encoding, so markup in it is rendered by the browser.
echo $_GET['name']; // Vulnerable to XSS
?>

• generic web: Monitor access logs for requests to /vm/doctor/edit-doc.php with unusual or suspicious parameters in the name query string. Look for patterns indicative of XSS payloads (e.g., <script>, <iframe>).

grep 'name=[^a-zA-Z0-9_]' /var/log/apache2/access.log
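As an added example (not part of the advisory and not SourceCodester code), the log check above written out in Python: it parses Apache combined-format access log lines, keeps only requests to /vm/doctor/edit-doc.php, URL-decodes the name parameter (including double encoding, which the plain grep pattern misses) and flags common XSS markers. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/vm/doctor/edit-doc.php"

# Common markers of reflected XSS payloads (case-insensitive).
XSS_INDICATORS = re.compile(
    r"<\s*(script|iframe|img|svg)\b|javascript\s*:|\bon[a-z]+\s*=",
    re.IGNORECASE,
)

# Combined log format: client - user [time] "METHOD target HTTP/x" status size ...
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable (bounded) so double-encoded payloads surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_name_requests(log_lines):
    """Return (client_ip, decoded_name) for edit-doc.php requests whose name value looks like XSS."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        parts = urlsplit(m.group("target"))
        if parts.path != TARGET_PATH:
            continue  # only the vulnerable endpoint is of interest
        for raw in parse_qs(parts.query, keep_blank_values=True).get("name", []):
            decoded = fully_decode(raw)  # parse_qs decoded once; catch a second layer
            if XSS_INDICATORS.search(decoded):
                hits.append((m.group("ip"), decoded))
    return hits

# Constructed sample lines: a benign edit, an encoded <script> probe,
# a double-encoded <iframe> probe, and a probe against an unrelated page (ignored).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:00:01 +0000] "GET /vm/doctor/edit-doc.php?name=Dr.%20Smith HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Nov/2024:10:00:02 +0000] "GET /vm/doctor/edit-doc.php?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 600',
    '203.0.113.9 - - [12/Nov/2024:10:00:03 +0000] "GET /vm/doctor/edit-doc.php?name=%253Ciframe%2520src%253Dx%253E HTTP/1.1" 200 600',
    '203.0.113.5 - - [12/Nov/2024:10:00:04 +0000] "GET /vm/patient/list.php?name=%3Cscript%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, name in suspicious_name_requests(SAMPLE_LOG):
        print(f"{ip}: suspicious name parameter -> {name!r}")
```

Run it against a real log with `suspicious_name_requests(open('/var/log/apache2/access.log'))`; hits are leads for review, not proof of exploitation, since a scanner probe and a successful attack look identical in the access log.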

Attack timeline

  1. Disclosure

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: no
Internet exposure

EPSS

0.18% (40th percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical impact: partial

CVSS vector

Threat intelligence · CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N · 3.5 LOW

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit the vulnerability)
Privileges Required: Low (authentication level the attack needs)
User Interaction: Required (whether the victim must take an action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: None (risk of sensitive data exposure)
Integrity: Low (risk of unauthorized data modification)
Availability: None (risk of service disruption)

nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet, with no physical or local access required. The largest attack surface.
Attack Complexity
Low: no special conditions are needed; the vulnerability can be exploited reliably.
Privileges Required
Low: any valid user account suffices.
User Interaction
Required: the victim must open a file, click a link, or visit a crafted page.
Scope
Unchanged: the impact is confined to the vulnerable component itself.
Confidentiality
None: no confidentiality impact.
Integrity
Low: the attacker can modify some data, with limited impact.
Availability
None: no availability impact.

Affected software

Component: cves-and-vulnerabilities
Vendor: SourceCodester
Affected range: 1.0 – 1.0
Fixed version: 1.0.1

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigations and alternatives

The primary mitigation for CVE-2024-11102 is to upgrade to version 1.0.1 of SourceCodester Hospital Management System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /vm/doctor/edit-doc.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide a temporary layer of protection. Regularly review and update security policies to prevent similar vulnerabilities in the future.

Remediation

Update Hospital Management System to a patched version that fixes the XSS vulnerability. If no such version is available, review and filter the input of the 'name' parameter in the edit-doc.php file to prevent the injection of malicious code. Consider temporarily disabling the affected functionality until a fix can be applied.


Frequently asked questions

What is CVE-2024-11102 — XSS in SourceCodester Hospital Management System?

CVE-2024-11102 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Hospital Management System version 1.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2024-11102 in SourceCodester Hospital Management System?

You are affected if you are using SourceCodester Hospital Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.

How do I fix CVE-2024-11102 in SourceCodester Hospital Management System?

Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the /vm/doctor/edit-doc.php file.

Is CVE-2024-11102 being actively exploited?

While no active exploitation campaigns are currently known, the public disclosure of the vulnerability increases the risk of exploitation.

Where can I find the official SourceCodester advisory for CVE-2024-11102?

Refer to the SourceCodester website or their official communication channels for the advisory related to CVE-2024-11102.
