CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

**poc**

An unauthenticated malicious user can take advantage of a Reflected XSS vulnerability in the treatmentrecord.php.  
`/treatmentrecord.php?patientid=noname%27><script>alert(1)</script>`

![image](https://user-images.githubusercontent.com/38547290/154395249-85b1cc45-e273-435d-ba3c-872ff09e8b76.png)

**analysis**

treatmentrecord.php line178 without any filter.  
![image](https://user-images.githubusercontent.com/38547290/154395462-e418cda1-342e-4c3d-a34c-dac7ca6c8b8f.png)

Headline

CVE-2022-25493: Reflected XSS attack in treatmentrecord.php · Discussion #10 · kabirkhyrul/HMS

CVE: Latest News