PT-2026-6976 · Sourcecodester/Patrick Mvuma · Patients Waiting Area Queue Management System

Webray.Com.Cn

·

Publicado

2026-02-08

·

Atualizado

2026-02-08

·

CVE-2026-2149

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0
Description A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 related to cross site scripting. The issue is triggered by manipulating the patient id argument in the /appointments.php file. This allows for remote attacks. The exploit is publicly available.
Recommendations Apply any available updates or patches for the application. As a temporary workaround, sanitize the patient id input to prevent script injection. Restrict access to the /appointments.php file if possible.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2026-2149

Produtos afetados

Patients Waiting Area Queue Management System