Reflected Cross-Site Scripting Vulnerability in Clinic Queuing System by an Unknown Vendor
CVE-2025-2868

4.8MEDIUM

Key Information:

Vendor: Clinic Queuing System
Status: Clinic Queuing System
Vendor: CVE Published:; 28 March 2025

🔔 Create Clinic Queuing System Vulnerability Alert

What is CVE-2025-2868?

A reflected Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Clinic Queuing System, enabling attackers to inject malicious scripts into the web application. By manipulating the page parameter in /index.php, an attacker can craft a malicious URL that, when accessed by a victim, triggers the execution of JavaScript code in their browser. This vulnerability poses significant risks, including unauthorized actions, data theft, and session hijacking, as it allows attackers to exploit client-side execution vulnerabilities within the affected product.

Affected Version(s)

Clinic Queuing System 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 27, 2025

Credit

Rafael Pedrero

JSON