CVE-2026-1146

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0

Description A cross site scripting issue exists in the file /php/api register patient.php. Manipulation of the firstName and lastName arguments can lead to the execution of malicious scripts. This attack can be performed remotely. The exploit for this issue has been publicly disclosed.

Recommendations Apply any available updates or patches for the affected software. As a temporary workaround, consider sanitizing the firstName and lastName input parameters in the /php/api register patient.php file to prevent the injection of malicious scripts.