Home

Description

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.

PUBLISHED Reserved 2025-04-22 | Published 2025-09-03 | Updated 2025-09-03 | Assigner mitre

References

phpgurukul.com/...ment-management-system-using-php-and-mysql

github.com/mhsinj/CVE-2025-45805

cve.org (CVE-2025-45805)

nvd.nist.gov (CVE-2025-45805)

Download JSON