CVE-2024-0286 MEDIUM

CVE-2024-0286: PHPGurukul Hospital Management System Contact Form index.php#contact_us cross site scripting

Vendor Phpgurukul

Product Hospital Management System

Weakness CWE-79 · XSS

Published January 7, 2024

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.

Key dates

02Disclosure timeline

January 7, 2024 CVE published

June 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-0286 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite CVE-2021-47725 STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter CVE-2023-48462 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-30530 WordPress AI Preloader plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2022-47173 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS)