CVE-2026-2154

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0

Description A cross site scripting issue exists due to the manipulation of the First Name argument. This affects an unknown function within the /registration.php file of the Patient Registration Module. Remote exploitation is possible, and an exploit is publicly available.

Recommendations Apply any available updates to address the issue in the Patient Registration Module. As a temporary workaround, consider sanitizing the First Name input to prevent script injection. Restrict access to the /registration.php file to minimize the risk of exploitation.