CVE-2026-2154
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SourceCodester | Patients Waiting Area Queue Management System | 1.0 | affected |
| Patrick Mvuma | Patients Waiting Area Queue Management System | 1.0 | affected |
Weaknesses
- CWE-79: Cross Site Scripting
- CWE-94: Code Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.344856
- https://vuldb.com/?ctiid.344856
- https://vuldb.com/?submit.748208
- https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-vulnerability-report-c97788dd6ea6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.