PT-2024-37501 · Sourcecodester · Clinic Queuing System

R0Ck3T · Published 2024-06-23 · Updated 2024-09-17
CVE-2024-6273 · CVSS v3.1 6.1 (Medium) · Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinic Queuing System version 1.0
Description: A stored cross-site scripting vulnerability was found in SourceCodester Clinic Queuing System 1.0, in the function save_patient of the file patient_side.php. The Full Name, Contact, and Address arguments are stored without validation and later rendered without output encoding, so markup or script placed in them by a remote submitter executes in the browser of any user who subsequently views the stored record. The attack can be launched remotely and requires no authentication; it does require a victim to view the affected page.
Recommendations: At the time of writing there is no information about a newer version that fixes this vulnerability. As a temporary workaround, consider disabling the save_patient function in patient_side.php until a patch is available, or restrict who may submit the patient registration form and avoid displaying the Full Name, Contact, and Address fields to other users until the issue is resolved. The underlying fix is to encode these values for the HTML context in which they are displayed (for example with htmlspecialchars() on output) and to validate them on submission; input validation alone does not replace output encoding.
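The pattern described above, shown as a vulnerable render path beside a hardened one, as an added illustration that is not the Clinic Queuing System's own code. The function names (render_row_vulnerable, render_row_hardened, validate_patient), the array keys, the table markup, and the constructed payload are assumptions; only the three field names and the stored-XSS mechanism come from the advisory.

```php
<?php
// Added illustration for CVE-2024-6273. Not the Clinic Queuing System's code:
// function names, field keys, markup and the sample payload are assumptions
// chosen to mirror the advisory's description of save_patient.
declare(strict_types=1);

// Constructed sample submission: what a remote visitor could type into the
// Full Name / Contact / Address fields of the patient registration form.
const SAMPLE_SUBMISSION = [
    'fullname' => '<img src=x onerror=alert(document.domain)>',
    'contact'  => '555-0100" autofocus onfocus="alert(1)',
    'address'  => '12 High St<script>alert(1)</script>',
];

// Vulnerable pattern (assumed): stored values are interpolated straight into
// the HTML that other users see, so the submitter's markup becomes live DOM
// in the viewer's browser. This is the stored XSS the advisory describes.
function render_row_vulnerable(array $p): string
{
    return "<tr><td>{$p['fullname']}</td>"
         . "<td>{$p['contact']}</td>"
         . "<td>{$p['address']}</td></tr>";
}

// Hardened pattern: encode on output, every time, for the HTML-body context.
// ENT_QUOTES also encodes ' and " so the value is safe inside attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_hardened(array $p): string
{
    return '<tr><td>' . h($p['fullname']) . '</td>'
         . '<td>' . h($p['contact']) . '</td>'
         . '<td>' . h($p['address']) . '</td></tr>';
}

// Defence in depth on input. Validation shrinks the attack surface but does
// not replace output encoding: a legitimate name such as O'Brien still needs
// encoding when it is rendered. Returns a list of human-readable errors.
function validate_patient(array $p): array
{
    $errors = [];
    if (!preg_match('/^[\p{L}\p{M}\'\-. ]{1,100}$/u', $p['fullname'] ?? '')) {
        $errors[] = 'fullname: letters, spaces, apostrophes, hyphens, periods only (1-100 chars)';
    }
    if (!preg_match('/^\+?[0-9 \-()]{5,20}$/', $p['contact'] ?? '')) {
        $errors[] = 'contact: digits, spaces, +, -, ( ) only (5-20 chars)';
    }
    $addr = $p['address'] ?? '';
    if ($addr === '' || mb_strlen($addr, 'UTF-8') > 200 || preg_match('/[<>]/', $addr)) {
        $errors[] = 'address: 1-200 characters, no angle brackets';
    }
    return $errors;
}

// Demo: run with `php xss_demo.php`. The vulnerable row contains executable
// markup; the hardened row shows the same text as inert entities.
echo "Vulnerable output:\n", render_row_vulnerable(SAMPLE_SUBMISSION), "\n\n";
echo "Hardened output:\n", render_row_hardened(SAMPLE_SUBMISSION), "\n\n";
echo "Validation errors:\n - ", implode("\n - ", validate_patient(SAMPLE_SUBMISSION)), "\n";
```

htmlspecialchars() is the right encoder only for text placed in the HTML body or inside a quoted attribute; values written into a JavaScript string, a URL, or a CSS block need the encoder for that context instead. If the queue view also emits these fields through JSON for a front-end script, encode there as well rather than relying on the stored value having been "cleaned" at input time.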

Exploit: XSS

Weakness Enumeration

Related Identifiers: CVE-2024-6273

Affected Products: Clinic Queuing System