| Field | Value |
|---|---|
| Title | SourceCodester Patients Waiting Area Queue Management System 1.0 Cross Site Scripting |
| Description | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in SourceCodester Patients Waiting Area Queue Management System 1.0. This vulnerability specifically impacts the public-facing queue monitor located at /pqms/queue.php. The flaw exists because the application retrieves unsanitized patient names from the database and renders them directly onto the public queue board. An attacker can register a patient with a malicious JavaScript payload (e.g., `"><img src=x onerror=alert(1)>`). Because the queue.php page is designed to refresh and display entries automatically, the script executes in the browser of anyone viewing the public monitor. This represents a critical security risk, as it allows for persistent script execution on public-facing kiosks and can be used to deface the display or capture administrative sessions if viewed by authorized staff. |
| Source | https://gist.github.com/archana1122m/2aed32e2a7ca5a648105bfdffd72a955 |
| User | Archana M (UID 95668) |
| Submitted | 2026-02-18 09:40 AM (2 months ago) |
| Moderated | 2026-02-24 11:02 PM (7 days later) |
| Status | Accepted |
| VulDB Entry | 347678 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 /queue.php firstname/lastname Cross Site Scripting] |
| Points | 20 |
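As an added illustration of the fix (not code from the PQMS project or the submitter): a minimal PHP rendering helper for a queue board like /pqms/queue.php that HTML-encodes the stored firstname/lastname before output, shown against the unescaped rendering the report describes. The row layout, column names and function names are assumptions; the payload is the one quoted above.

```php
<?php
// Added example, not from the PQMS project. Row shape (queue_no, firstname,
// lastname) is assumed; the payload is the one quoted in the report.
declare(strict_types=1);

// Vulnerable pattern the report describes: values read from the database
// are concatenated straight into the HTML of the public queue board.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['queue_no'] . '</td><td>'
         . $row['firstname'] . ' ' . $row['lastname'] . '</td></tr>';
}

// Hardened version: every database value is entity-encoded for the HTML
// element-content context before it reaches the page. ENT_QUOTES encodes
// both quote characters (so the same helper is safe inside quoted
// attributes), ENT_SUBSTITUTE avoids returning an empty string on invalid
// UTF-8, and the charset is stated explicitly so multibyte names survive.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $row): string
{
    return '<tr><td>' . h((string) $row['queue_no']) . '</td><td>'
         . h($row['firstname']) . ' ' . h($row['lastname']) . '</td></tr>';
}

// Constructed sample row: the report's payload stored as a first name.
$row = [
    'queue_no'  => 7,
    'firstname' => '"><img src=x onerror=alert(1)>',
    'lastname'  => 'Doe',
];

echo render_row_unsafe($row), PHP_EOL; // a browser would run the onerror handler
echo render_row_safe($row), PHP_EOL;   // the same bytes render as literal text

// Regression check suitable for a unit test: no live tag survives encoding.
assert(strpos(render_row_safe($row), '<img') === false);
```

Because queue.php re-renders the stored rows on every automatic refresh, the encoding belongs in the board's output path; input validation at patient registration is defence in depth, not a substitute.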