CVE-2026-2154

Sažetak

A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Reference

https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-vulnerability-report-c97788dd6ea6
https://vuldb.com/?ctiid.344856
https://vuldb.com/?id.344856
https://vuldb.com/?submit.748208

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-02-2026 - 14:16

Objavljeno

08-02-2026 - 14:16