CVE-2023-37070

low-risk
Published 2023-08-14

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Hospital Information System

Affected Vendors

Code-Projects

References (7)

Product https://code-projects.org/hospital-information-system-in-php-with-source-code/
Exploit https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Script...
Exploit https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md
https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37070-Exploit.md
Product https://code-projects.org/hospital-information-system-in-php-with-source-code/
Exploit https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Script...
Exploit https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md
24
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal