CVE-2026-3302 - Vulnerability Analysis
Medium | CVSS: 4.3 | Last Updated: February 27, 2026
SourceCodester Doctor Appointment System - Stored XSS
Published: February 27, 2026 | Updated: February 27, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Doctor Appointment System 1.0 contains a stored XSS vulnerability in the Sign Up page, /register.php. Manipulating the Email argument lets remote attackers execute scripts. Exploitation requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Remote attackers can execute scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version or apply patches that sanitize Email input in /register.php.
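The following is an added example, not code from the Doctor Appointment System or from a vendor patch. It sketches the two controls such a fix needs for the Email field: validation before storage and HTML encoding at output. The function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Function names and sample values are hypothetical,
// not taken from the Doctor Appointment System source.

/** Validate the submitted Email before it is stored; null means reject. */
function validate_email(string $raw): ?string
{
    $email = trim($raw);
    // Reject empty or over-long values before running the filter.
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    $checked = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample submissions for the Email field.
$samples = [
    'patient@example.com',
    "o'brien&son@example.com",   // valid address that still needs encoding
    '<b>test</b>@example.com',   // markup in the local part: rejected
    '',
];

foreach ($samples as $raw) {
    $email = validate_email($raw);
    if ($email === null) {
        // Even the rejection message encodes the raw value before echoing it.
        echo 'rejected: ', h($raw), PHP_EOL;
        continue;
    }
    // Store $email with a prepared statement, then encode on every render.
    echo 'stored:   ', $email, PHP_EOL;
    echo 'rendered: <td>', h($email), '</td>', PHP_EOL;
}
```

Validation alone is not sufficient, because a syntactically valid address can contain characters such as `'` and `&`; every page that displays the stored Email must encode it.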
Details
- CVE ID: CVE-2026-3302
- Severity: Medium
- CVSS Score: 4.3
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N