Bobsux

**Name of the Vulnerable Software and Affected Versions** SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 **Description** A cross site scripting issue exists in the file /php/api register patient.php. Manipulation of the `firstName` and `lastName` arguments can lead to the execution of malicious scripts. This attack can be performed remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Apply any available updates or patches for the affected software. As a temporary workaround, consider sanitizing the `firstName` and `lastName` input parameters in the /php/api register patient.php file to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 **Description** A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 that allows for cross site scripting. The issue is located in the file `/php/api patient schedule.php`. Manipulation of the `Reason` argument can trigger the flaw, enabling remote attacks. The exploit has been publicly disclosed. **Recommendations** Apply any available updates to address this issue. As a temporary workaround, sanitize the `Reason` input to prevent script injection.

**Name of the Vulnerable Software and Affected Versions** SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 **Description** A cross-site request forgery condition exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0. This issue affects unknown code and allows for remote exploitation. A successful attack involves manipulating the system to perform actions without the user's knowledge or consent. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.