CVE-2024-7016 MEDIUM

CVE-2024-7016: Stored XSS in Smarttek Informatics' Smart Doctor

Vendor Smarttek Informatics

Product Smart Doctor

Weakness CWE-79 · XSS

Published November 21, 2024

Last update June 3, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor's allows Stored XSS required admin privileges. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 21, 2024 CVE published

June 3, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7016 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2024-7016: Stored XSS in Smarttek Informatics' Smart Doctor

01Description

02Disclosure timeline

03References

04Related CVE