PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25271
Reference (s):
- https://github.com/Ko-kn3t/CVE-2020-25271
- https://phpgurukul.com