CVE-2015-10032 LOW

CVE-2015-10032: HealthMateWeb createaccount.php cross site scripting

Vendor N/A

Product HealthMateWeb

Weakness CWE-79 · XSS

Published January 9, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.

Key dates

02Disclosure timeline

January 9, 2023 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-10032 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-31255 WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-4981 Cross-site Scripting (XSS) - DOM in librenms/librenms CVE-2024-9300 SourceCodester Online Railway Reservation System Message Us Form contact_us.php cross site scripting CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid CVE-2025-48092 WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability