CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6273 – SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting
https://notcve.org/view.php?id=CVE-2024-6273
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack can be launched remotely. • https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5tda-XBJF513yzag/edit?usp=sharing https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md https://vuldb.com/?ctiid.269485 https://vuldb.com/?id.269485 https://vuldb.com/?submit.362873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0265 – SourceCodester Clinic Queuing System GET Parameter index.php file inclusion
https://notcve.org/view.php?id=CVE-2024-0265
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249821 https://vuldb.com/?id.249821 • CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-0264 – SourceCodester Clinic Queuing System LoginRegistration.php authorization
https://notcve.org/view.php?id=CVE-2024-0264
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. • https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py https://vuldb.com/?ctiid.249820 https://vuldb.com/?id.249820 • CWE-639: Authorization Bypass Through User-Controlled Key •