Cross Site Scripting Vulnerability in SourceCodester Queue Management System
CVE-2026-1146

5.1MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Patients Waiting Area Queue Management System
Vendor: CVE Published:; 19 January 2026

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2026-1146?

A cross site scripting (XSS) vulnerability exists in unsupported functionality of the file /php/api_register_patient.php within the Patrick Mvuma Patients Waiting Area Queue Management System version 1.0. By manipulating user-supplied parameters such as firstName and lastName, an attacker can potentially execute arbitrary scripts in the context of the user's session. This issue, which may be exploited remotely, poses a significant threat as it can lead to unauthorized data access and compromising user security.