Reflected Cross-Site Scripting Vulnerability in Clinic Queuing System by Incibe
CVE-2025-2870
4.8 MEDIUM
What is CVE-2025-2870?
A reflected cross-site scripting (XSS) vulnerability exists in Clinic Queuing System version 1.0 that allows an attacker to execute arbitrary JavaScript code in a user's web browser. The attacker crafts a malicious URL that manipulates the page parameter of /patient_side.php; successful exploitation can lead to unauthorized activities or data exposure on the affected system.
Affected Version(s)
Clinic Queuing System 1.0
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafael Pedrero
