CNNVD-202506-2891 Information

CNNVD ID

CNNVD-202506-2891

Related CVE

CVE-2025-6452

• CNNVD Published: 2025-06-22

Description (Chinese)

CodeAstro Patient Record Management System是CodeAstro公司的一个病历管理系统。 CodeAstro Patient Record Management System 1.0版本存在代码注入漏洞，该漏洞源于组件Generate New Report Page中参数Patient Name/Name的错误操作导致跨站脚本。

Description (English)

CodeAstro Patient Reform Management System is a medical records management system for CodeAstro. There is a code-injection loophole in version 1.0 of CodeAstro.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

CodeAstro

Published

2025-06-22

Last Modified

2026-02-24

References

https://vuldb.com/?submit.598711 https://codeastro.com/ https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md https://vuldb.com/?id.313559 https://vuldb.com/?ctiid.313559 https://github.com/Vanshdhawan188/CodeAstro-Online-Healthcare-Patient-Record-Management-System/blob/main/CodeAstro-Online-Healthcare-Patient-Record-Management-System.md#-proof-of-concept-poc https://access.redhat.com/security/cve/cve-2025-6452