Submit #735543: Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Cross Site Scriptinginfo

TitlePatrick Mvuma Patients Waiting Area Queue Management System 1.0 Cross Site Scripting
DescriptionPQMS-XSS-01 (pqms/php/api_register_patient.php → firstName, lastName) Title: Stored Cross-Site Scripting via Patient Registration Fields What is the vulnerability? The application is vulnerable to Stored Cross-Site Scripting (XSS) through patient registration inputs handled by pqms/php/api_register_patient.php. Fields such as firstName and lastName are stored in the database and later rendered in queue.php and dashboard.php without output encoding. Proof of Concept Payload: "><script>alert('Stored XSS')</script>
User
 bobsux (UID 94358)
Submission01/09/2026 08:10 PM (1 month ago)
Moderation01/18/2026 02:50 PM (9 days later)
StatusAccepted
VulDB entry341739 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 api_register_patient.php firstName/lastName cross site scripting]
Points17

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!