CNNVD-202512-2147 Information

CNNVD ID

CNNVD-202512-2147

Related CVE

CVE-2025-66918

• CNNVD Published: 2025-12-11

Description (Chinese)

Edoc-doctor-appointment-system是HashenUdara个人开发者的简单的Web项目，用于电子通道。 Edoc-doctor-appointment-system 1.0.1版本存在安全漏洞，该漏洞源于admin/add-session.php中title参数未过滤，可能导致跨站脚本攻击。

Description (English)

Edoc-doctor-apppointment-system is a simple Web project for HashenUdara’s personal developer for electronic access. There is a security loophole in version 1.0.1 of Edoc-doctor-application-system, which originates from the non-filtered title parameters in admin/add-session.php, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/HashenUdara/edoc-doctor-appointment-system https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66918/readme.md