Qdocs : Security Vulnerabilities, CVEs, CVSS score >= 1
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
Max CVSS
4.8
EPSS Score
0.13%
Published
2021-01-26
Updated
2021-02-01
CVE-2023-5495
Public exploit
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-10-10
Updated
2024-04-11
2 vulnerabilities found