CVE-2024-11676
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-11676 is a newly disclosed vulnerability affecting CodeAstro Hospital Management System 1.0. The issue lies in the Add Laboratory Equipment page, in the component /backend/admin/his_admin_add_lab_equipment.php, which handles user input for the eqp_code, eqp_name, eqp_vendor, eqp_desc, eqp_dept, eqp_status, and eqp_qty parameters. The flaw is a cross-site scripting (XSS) vulnerability: an attacker can exploit it to inject malicious code into a user's browser. The attack can be launched remotely, making it a significant security risk. The exploit has been publicly disclosed, which increases the likelihood of its use in cyber-attacks.