3 results (0.009 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. • https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5tda-XBJF513yzag/edit?usp=sharing https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md https://vuldb.com/?ctiid.269485 https://vuldb.com/?id.269485 https://vuldb.com/?submit.362873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249821 https://vuldb.com/?id.249821 • CWE-73: External Control of File Name or Path •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249820 https://vuldb.com/?id.249820 • CWE-639: Authorization Bypass Through User-Controlled Key •