PT-2025-13473 · Unknown · Clinic Queuing System

Rafael Pedrero

Published

2025-03-28

Updated

2025-10-15

CVE-2025-2870

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Clinic Queuing System version 1.0

Description The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in "/patient side.php" API endpoint.

Recommendations For Clinic Queuing System version 1.0, consider disabling the /patient side.php endpoint until a patch is available, or restrict access to it to minimize the risk of exploitation. Avoid using the page parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-2870

Affected Products

Clinic Queuing System

PT-2025-13473 · Unknown · Clinic Queuing System

CVE-2025-2870

Weakness Enumeration

Related Identifiers

Affected Products

References · 7