| Title | Patient Queue Management System 1.0 Stored XSS |
|---|
| Description | - I found a ( Stored XSS And Html injection ) vulnerability in the PHP product Patient Queue Management System.
- The vulnerability exists in the following input fields: ( First Name , Last Name ) .
- project link : https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html
- Poc Stored XSS : https://drive.google.com/file/d/1n44YqMSMd6Lk68FspWKcFnsZNFfB0jMj/view?usp=drive_link
- Poc Html Injection : https://drive.google.com/file/d/14kyyKJj-wtdHdTJ0hXbY5re-3MLVk2s5/view?usp=drive_link
- Steps to Reproduce :
- The Payloads Stored XSS is storing in Database :
1 - Go to the patient registration form.
2 - In the First Name or Last Name field, insert the following payload :
<script>alert(document.domain)</script> Or <img src=x onerror=alert(document.cookie)>
- Html Injection :
<h1> html injected </h1> Or <h1style="color: red;"> html injected </h1> Or <h1>
|
|---|
| User | 0day_dz (UID 91923) |
|---|
| Submission | 02/11/2026 15:09 (4 months ago) |
|---|
| Moderation | 02/23/2026 14:48 (12 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 344856 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Patient Registration /registration.php First Name cross site scripting] |
|---|
| Points | 0 |
|---|