Cross Site Scripting in SourceCodester Patients Waiting Area Queue Management System by Patrick Mvuma
CVE-2026-2154

5.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Patients Waiting Area Queue Management System
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2154?

A vulnerability exists in the Patients Waiting Area Queue Management System by SourceCodester, specifically within the Patient Registration Module. An improperly handled input in the /registration.php file allows attackers to manipulate the 'First Name' argument, enabling cross site scripting attacks. This security flaw can be exploited remotely, leading to unauthorized script execution in the context of the user’s session. Publicly available exploits for this vulnerability increase the urgency for users to apply necessary security patches to mitigate the risk.

Affected Version(s)

Patients Waiting Area Queue Management System 1.0

Patients Waiting Area Queue Management System 1.0

References

https://vuldb.com/?id.344856
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344856
signaturepermissions-required
https://vuldb.com/?submit.748208
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rvpipalwa (VulDB User)
.