Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Patrick Mvuma Queue Management System Cross-Site Scripting Risk
CVE-2026-3171
Summary
A security weakness in the Patrick Mvuma Queue Management System allows hackers to inject malicious code into the system, potentially stealing sensitive information or taking control of user accounts. This risk affects the system's queue management feature and can be exploited remotely by anyone with the right tools. To protect yourself, update the system to the latest version or consider replacing it with a more secure alternative.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pamzey | patients_waiting_area_queue_management_system | 1.0 | – |
Original title
A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This mani...
Original description
A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.
nvd CVSS2.0
4.0
nvd CVSS3.1
5.4
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://gist.github.com/archana1122m/2aed32e2a7ca5a648105bfdffd72a955 Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347678 Permissions Required VDB Entry
- https://vuldb.com/?id.347678 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.760189 Third Party Advisory VDB Entry
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026