← Back

Edoc Doctor Appointment System

edoc-doctor-appointment-system

Vendor: Hashenudara • 9 CVEs

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-66918
1Hashenudara
1Edoc Doctor Appointment System
Dec 23, 2025
Dec 11, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.
CVE-2025-65358
1Hashenudara
1Edoc Doctor Appointment System
Dec 3, 2025
Dec 2, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.
CVE-2022-36548
1Hashenudara
1Edoc Doctor Appointment System
Dec 11, 2025
Aug 26, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via...Show more
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.Show less
CVE-2022-36547
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via...Show more
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.Show less
CVE-2022-36546
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.
CVE-2022-36545
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.
CVE-2022-36544
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.
CVE-2022-36543
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.
CVE-2022-36542
1Hashenudara
1Edoc Doctor Appointment System
Dec 16, 2025
Aug 26, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.