CVE-2026-3170 - Vulnerability Analysis
Low | CVSS: 2.4 | Last Updated: February 25, 2026
SourceCodester Patrick Mvuma Patients Waiting Area Queue Management System - Stored XSS
Published: February 25, 2026 | Updated: February 25, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Patrick Mvuma Patients Waiting Area Queue Management System 1.0 contains a stored XSS vulnerability in /patient-search.php. Manipulating the First Name/Last Name argument lets remote attackers execute scripts. Exploitation requires crafted input.
Severity & Score
Severity: Low
CVSS Score: 2.4
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version or apply patches that sanitize user input in /patient-search.php.
Details
- CVE ID: CVE-2026-3170
- Severity: Low
- CVSS Score: 2.4
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N