CVE-2026-2150

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0

Description A flaw exists in the Patients Waiting Area Queue Management System that allows for cross site scripting. This manipulation occurs through the patient id argument in the /checkin.php file and can be initiated remotely. The exploit has been published.

Recommendations Apply any available updates or patches for the Patients Waiting Area Queue Management System. As a temporary workaround, consider restricting access to the /checkin.php file. Sanitize the patient id input to prevent the injection of malicious scripts.