PT-2026-3429 · Patrick Mvuma+1 · Patrick Mvuma Patients Waiting Area Queue Management System+1

Bobsux

Published

2026-01-19

Updated

2026-01-19

CVE-2026-1146

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0

Description A cross site scripting issue exists in the file /php/api register patient.php. Manipulation of the firstName and lastName arguments can lead to the execution of malicious scripts. This attack can be performed remotely. The exploit for this issue has been publicly disclosed.

Recommendations Apply any available updates or patches for the affected software. As a temporary workaround, consider sanitizing the firstName and lastName input parameters in the /php/api register patient.php file to prevent the injection of malicious scripts.

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-1146

Affected Products

Patients Waiting Area Queue Management System

Patrick Mvuma Patients Waiting Area Queue Management System

CVE-2026-1146

Weakness Enumeration

Related Identifiers

Affected Products

References · 6