CVE-2026-3170 MEDIUM

CVE-2026-3170: SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System patient-search.php cross site scripting

Vendor Sourcecodester

Product Patients Waiting Area Queue Management System

Weakness CWE-79 · XSS

Published February 25, 2026

Last update February 25, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Key dates

Disclosure timeline

February 25, 2026 CVE published

February 25, 2026 Record updated

Identifiers

CVE CVE-2026-3170

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Sourcecodester

Product Patients Waiting Area Queue Management System

Affected 1.0

Vendor Patrick Mvuma

Product Patients Waiting Area Queue Management System

Affected 1.0