CVE-2026-36388

EPSS 0.03% · P8 Updated May 08, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-36388

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored in the application and later rendered in the doctor s interface.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHPGurukul Hospital Management System 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHPGurukul Hospital Management System是PHPGurukul公司的一套基于PHP和MySQL的医院管理系统。 PHPGurukal Hospital Management System v4.0版本存在跨站脚本漏洞，该漏洞源于/hospital/hms/edit-profile.php页面中，已认证的攻击者可将恶意脚本负载注入User Name参数，该参数存储后会在医生界面渲染，可能导致跨站脚本攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2026-36388

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-36388

请登录查看更多情报信息。

Same Patch Batch · n/a · 2026-05-07 · 14 CVEs total

CVE-2026-8114	6.3 MEDIUM	JeecgBoot JSON Object loadTreeData sql injection
CVE-2026-36458		ChestnutCMS 安全漏洞
CVE-2026-30496		Optoma CinemaX P2 安全漏洞
CVE-2026-30495		Optoma CinemaX P2 安全漏洞
CVE-2025-67202		sidekiq-cron 安全漏洞
CVE-2025-63706		next-npm-version 1.0.1 安全漏洞
CVE-2025-63705		Node Typescript OCR 安全漏洞
CVE-2026-36387		CodeAstro Membership Management System 代码问题漏洞
CVE-2025-65122		youtube-regex 资源管理错误漏洞
CVE-2026-36341		Webkul Krayin CRM 跨站脚本漏洞
CVE-2025-63704		Query String Parser 安全漏洞
CVE-2025-63703		parse-ini 安全漏洞
CVE-2026-37709		Snipe-IT 访问控制错误漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2026-36388

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-36388

I. Basic Information for CVE-2026-36388

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-36388

III. Intelligence Information for CVE-2026-36388

Same Patch Batch · n/a · 2026-05-07 · 14 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-36388

Leave a comment