CVE-2025-45805

7.6 HIGH

📋 TL;DR

CVE-2025-45805 is a stored cross-site scripting (XSS) vulnerability in phpgurukul Doctor Appointment Management System 1.0. Authenticated doctor users can inject malicious JavaScript into their profile name, which executes when other users view the doctor's profile to book appointments. This affects all users of the vulnerable system.

💻 Affected Systems

Products:
  • phpgurukul Doctor Appointment Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated doctor account to exploit, but affects all users viewing doctor profiles.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform account takeovers, redirect users to malicious sites, or deploy malware through the application.

🟠 Likely Case

Session hijacking, credential theft, and unauthorized actions performed as authenticated users.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only minor UI disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Multiple public PoCs available on GitHub. Requires doctor-level authentication but trivial to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql

Restart Required: No

Instructions:

No official patch is available. Implement input validation and output encoding as a workaround.

🔧 Temporary Workarounds

Implement Input Validation (all)

  • Add server-side validation to sanitize doctor profile name input
  • Edit PHP files handling doctor profile updates to filter/escape special characters

Implement Output Encoding (all)

  • Encode user-controlled data before rendering in HTML context
  • Use htmlspecialchars() or similar functions when outputting doctor names
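The two workarounds above, shown side by side as an added example (this is not code from the phpgurukul project): the raw echo pattern that lets a stored profile name execute, the htmlspecialchars() output encoding that neutralises it, and a server-side name check for defence in depth. The function and variable names, the "Dr." prefix and the length limit are assumptions for illustration.

```php
<?php
// Added example, not the phpgurukul project's code. Function and variable
// names, the "Dr." prefix and the 100-character limit are assumptions.

// Vulnerable pattern: the stored profile name is concatenated straight into
// HTML, so a name containing <script>...</script> runs in every visitor's
// browser when the doctor's profile is displayed for booking.
function renderDoctorNameVulnerable(string $doctorName): string
{
    return "<h3>Dr. " . $doctorName . "</h3>";
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also escapes ' and " so the value stays safe inside attributes;
// ENT_HTML5 and an explicit UTF-8 charset avoid encoding mismatches.
function renderDoctorNameSafe(string $doctorName): string
{
    $encoded = htmlspecialchars($doctorName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h3>Dr. " . $encoded . "</h3>";
}

// Defence in depth at update time: a display name has no legitimate need for
// angle brackets or other markup characters, so reject it server-side before
// it is stored. Output encoding remains the primary fix; this only narrows input.
function validateDoctorName(string $name): bool
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return false;
    }
    // Allow letters in any script, combining marks, spaces, dots, hyphens
    // and apostrophes; everything else (including < > " & / =) is rejected.
    return preg_match('/^[\p{L}\p{M} .\'\-]+$/u', $name) === 1;
}

// Constructed sample input mirroring the stored-XSS payload from the
// verification section; the second value is a constructed legitimate name.
$payload = "<script>alert('XSS')</script>";
$legit   = "Anita O'Neill-Rao";

echo renderDoctorNameVulnerable($payload), PHP_EOL; // markup passes through unchanged
echo renderDoctorNameSafe($payload), PHP_EOL;       // markup rendered as inert text
var_dump(validateDoctorName($payload));             // rejected at update time
var_dump(validateDoctorName($legit));               // accepted
```

Apply the encoding wherever the doctor name is rendered (profile page, appointment lists, admin views), not only on the page where the issue was reported, since the same stored value is reused across the application.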

🧯 If You Can't Patch

  • Restrict doctor account creation and monitor existing doctor accounts
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

As an authenticated doctor, attempt to inject <script>alert('XSS')</script> into the profile name and check whether it executes when the profile is viewed.

Check Version:

Check the system version in the admin panel or about page.

Verify Fix Applied:

Test that script tags and other HTML/JavaScript payloads are properly escaped in profile display.

📡 Detection & Monitoring

Log Indicators:

  • Unusual doctor profile name updates containing script tags or JavaScript code
  • Multiple failed login attempts followed by profile updates

Network Indicators:

  • HTTP requests with script payloads in POST parameters
  • Unusual outbound connections from application server

SIEM Query:

source="web_logs" AND (uri="/update-profile.php" OR uri="/doctor-profile.php") AND (message="*<script>*" OR message="*javascript:*")
