CVE-2025-6452

A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:patient_record_management_system:1.0:*:*:*:*:*:*:*

History

27 Jun 2025, 17:01

Type Values Removed Values Added
CPE cpe:2.3:a:codeastro:patient_record_management_system:1.0:*:*:*:*:*:*:*
First Time Codeastro patient Record Management System
Codeastro
References () https://codeastro.com/ - () https://codeastro.com/ - Product
References () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md - () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md - Exploit, Mitigation, Third Party Advisory
References () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md#-proof-of-concept-poc - () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md#-proof-of-concept-poc - Exploit, Mitigation, Third Party Advisory
References () https://vuldb.com/?ctiid.313559 - () https://vuldb.com/?ctiid.313559 - Permissions Required
References () https://vuldb.com/?id.313559 - () https://vuldb.com/?id.313559 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.598711 - () https://vuldb.com/?submit.598711 - Third Party Advisory, VDB Entry

23 Jun 2025, 15:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en CodeAstro Patient Record Management System 1.0. Se ha clasificado como problemática. Este problema afecta a un procesamiento desconocido del componente Generate New Report Page. La manipulación del argumento "Patient Name/Name" provoca Cross-Site Scripting. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md - () https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md -

22 Jun 2025, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-22 03:15

Updated : 2025-06-27 17:01


NVD link : CVE-2025-6452

Mitre link : CVE-2025-6452

CVE.ORG link : CVE-2025-6452


JSON object : View

Products Affected

codeastro

  • patient_record_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')