PatchSiren cyber security CVE debrief
CVE-2026-11512 itsourcecode CVE debrief
A low-severity cross site scripting vulnerability has been detected in Itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
- Vendor
- itsourcecode
- Product
- Hospital Management System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of Itsourcecode Hospital Management System 1.0 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 2.1 and is classified as low severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates to fix the vulnerability in /billing.php
- Restrict access to the /billing.php file
- Implement input validation and sanitization for the patientid argument
Evidence notes
The vulnerability was detected in Itsourcecode Hospital Management System 1.0. The exploit has been disclosed publicly and may be used.
Official resources
CVE-2026-11512 was published on 2026-06-08T13:16:32.197Z and modified on 2026-06-08T14:57:14.757Z.