PT-2025-13472 · Unknown · Clinic Queuing System

Rafael Pedrero

Published

2025-03-28

Updated

2025-10-15

CVE-2025-2869

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Clinic Queuing System version 1.0

Description The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in "/manage user.php" API endpoint.

Recommendations For Clinic Queuing System version 1.0, consider disabling the id parameter in the "/manage user.php" API endpoint until a patch is available. Restrict access to the "/manage user.php" endpoint to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-2869

Affected Products

Clinic Queuing System

PT-2025-13472 · Unknown · Clinic Queuing System

CVE-2025-2869

Weakness Enumeration

Related Identifiers

Affected Products

References · 7