CVE-2025-7148

A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.

Configurations

Configuration 1

cpe:2.3:a:codeastro:simple_hospital_management_system:1.0:*:*:*:*:*:*:*

History

09 Jul 2025, 15:33

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Codeastro simple Hospital Management System; Codeastro |
| CPE | | cpe:2.3:a:codeastro:simple_hospital_management_system:1.0:*:*:*:*:*:*:* |
| References | () https://codeastro.com/ - | () https://codeastro.com/ - Product |
| References | () https://github.com/Vanshdhawan188/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS/blob/main/Simple%20Hospital%20Management%20System%20in%20Python%20CodeAstro%20Patients%20Stored%20XSS.md - | () https://github.com/Vanshdhawan188/Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS/blob/main/Simple%20Hospital%20Management%20System%20in%20Python%20CodeAstro%20Patients%20Stored%20XSS.md - Exploit, Mitigation, Third Party Advisory |
| References | () https://vuldb.com/?ctiid.315086 - | () https://vuldb.com/?ctiid.315086 - Permissions Required |
| References | () https://vuldb.com/?id.315086 - | () https://vuldb.com/?id.315086 - Third Party Advisory, VDB Entry |
| References | () https://vuldb.com/?submit.606043 - | () https://vuldb.com/?submit.606043 - Third Party Advisory, VDB Entry |

08 Jul 2025, 16:18

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) Se encontró una vulnerabilidad en CodeAstro Simple Hospital Management System 1.0, clasificada como problemática. Este problema afecta a una funcionalidad desconocida del archivo /patient.html del componente POST Parameter Handler. Esta manipulación provoca cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Múltiples parámetros podrían verse afectados. |

07 Jul 2025, 22:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2025-07-07 22:15

Updated : 2025-07-09 15:33


NVD link : CVE-2025-7148

Mitre link : CVE-2025-7148

CVE.ORG link : CVE-2025-7148



Products Affected

codeastro

  • simple_hospital_management_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')