| शीर्षक | SourceCodester Patients Waiting Area Queue Management System 1.0 Cross Site Scripting |
|---|
| विवरण | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SourceCodester Patients Waiting Area Queue Management System 1.0. The vulnerability is located in the 'Find Patient' module (/pqms/patient-search.php).
The flaw occurs because the application fails to sanitize patient registration data (specifically the First Name and Last Name fields) before storing it in the database and subsequently rendering it in the search results. A remote attacker can register a patient with a malicious payload, such as "><img src=x onerror=alert(1)>. When an authenticated staff member or administrator searches for patients at /pqms/patient-search.php, the payload is retrieved from the database and executed in their browser context. This could lead to session hijacking, unauthorized data access, or administrative account takeover. |
|---|
| स्रोत | ⚠️ https://gist.github.com/archana1122m/e2953222b47c29c8c69855f5d623267d |
|---|
| उपयोगकर्ता | Archana M (UID 95668) |
|---|
| सबमिशन | 17/02/2026 09:25 PM (2 महीनों पहले) |
|---|
| संयम | 24/02/2026 11:01 PM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347677 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 /patient-search.php First Name/Last Name क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|