CVE-2025-6613
BaseFortify
Publication date: 2025-06-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anujk305 | hospital_management_system | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6613 is a cross-site scripting (XSS) vulnerability in PHPGurukul Hospital Management System version 4.0, specifically in the /doctor/manage-patient.php file. It occurs due to improper neutralization of user input in the 'Name' parameter, allowing attackers to inject malicious scripts that are stored and executed in the context of users accessing the affected page. This persistent XSS flaw can compromise user sessions and enable unauthorized actions. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of users accessing the affected page. This can lead to compromised user sessions, theft of sensitive information, and unauthorized actions within the application. The attack can be launched remotely and requires some user interaction, making it a significant security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by identifying instances of the vulnerable file /doctor/manage-patient.php on your system or network. A suggested method is to use Google dorking with the query `inurl:doctor/manage-patient.php` to find potentially vulnerable targets. Additionally, checking for the presence of the 'Name' parameter in requests to this file and testing for reflected or stored cross-site scripting payloads can help detect exploitation. Specific commands are not provided, but using web vulnerability scanners or manual testing with XSS payloads targeting the 'Name' parameter in /doctor/manage-patient.php is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected PHPGurukul Hospital Management System version 4.0 with an alternative product, as no known countermeasures or mitigations have been documented. Additionally, implementing proper input validation and output encoding on the 'Name' parameter in /doctor/manage-patient.php can help prevent script injection. Restricting user input and applying web application firewalls to detect and block XSS payloads may also reduce risk until a permanent fix is applied. [2, 1]