CVE-2026-3171 - Vulnerability Analysis
LowCVSS: 3.5Last Updated: February 25, 2026
SourceCodester Patrick Mvuma Patients Waiting Area Queue Management System - Stored XSS
Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Patrick Mvuma Patients Waiting Area Queue Management System 1.0 contains a stored XSS caused by improper sanitization of firstname/lastname arguments in /queue.php, letting remote attackers execute scripts, exploit requires crafted input.
Severity & Score
Severity: Low
CVSS Score: 3.5
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version with proper input sanitization or apply patches to sanitize firstname/lastname inputs.
References
Related Resources
Details
- CVE ID
- CVE-2026-3171
- Severity
- Low
- CVSS Score
- 3.5
- Type
- stored_xss
- Status
- confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N