PHPGurukul Hospital Management System Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in PHPGurukul Hospital Management System version 4.0. The issue arises in the 'edit-patient.php' file, specifically within the POST parameter handler. The vulnerability allows attackers to inject malicious scripts into the 'patname' parameter, which are then permanently stored in the database. These scripts are executed when the patient's profile page is accessed, potentially leading to session hijacking, phishing, defacement, data exfiltration, malware propagation, and privilege escalation.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the profile page.

Reproduction

To reproduce this vulnerability, log into the hospital management system and navigate to the patient management dashboard. Select any patient and go to the 'edit' option. Inject a script payload into the 'patient name' input field and click 'Update'. Once the profile page is reloaded, the injected script will execute, confirming the presence of the vulnerability.

Remediation

It is recommended to sanitize user inputs on the server side, encode outputs before rendering dynamic content, implement a strict Content Security Policy, use modern PHP frameworks that offer built-in XSS protection, and conduct regular security testing with tools like OWASP ZAP or Burp Suite.
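The first three recommendations above (server-side input validation, output encoding, and a Content Security Policy) are sketched below as an added example; it is not code from PHPGurukul Hospital Management System. The helper names `e()` and `validPatientName()`, the allow-list pattern, the CSP value, and the sample inputs are assumptions made for illustration; only the `patname` parameter name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Assumed policy: no inline scripts, same-origin resources only.
// Skipped under the CLI, where there is no HTTP response to attach it to.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Hypothetical helper: encode a value for HTML element and quoted-attribute
// contexts. ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical allow-list for a patient name: letters, combining marks,
// space, dot, apostrophe and hyphen, 1 to 100 characters.
function validPatientName(string $name): bool
{
    return preg_match('/^[\p{L}\p{M} .\'-]{1,100}$/u', $name) === 1;
}

// Constructed sample values standing in for $_POST['patname'].
$samples = [
    "Anne-Marie O'Neil",
    '<b>Jane</b> "Doe" & Co',
];

foreach ($samples as $patname) {
    // Input side: refuse values outside the allow-list before they are
    // written to the database (the write itself should be a prepared statement).
    $verdict = validPatientName($patname) ? 'accept' : 'reject';

    // Output side: encode at render time regardless of the verdict, because
    // rows stored before the fix may already contain markup.
    printf("%-7s| element:   <td>%s</td>\n", $verdict, e($patname));
    printf("%-7s| attribute: <input name=\"patname\" value=\"%s\">\n", '', e($patname));
}
```

Run from the command line, the second sample is rejected by the allow-list and still renders as inert text, with `<`, `>`, `"` and `&` replaced by their HTML entities in both the table cell and the `value` attribute.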

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.