{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3302","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-02-26T20:36:31.415Z","datePublished":"2026-02-27T06:02:09.605Z","dateUpdated":"2026-02-27T18:45:13.668Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-27T06:02:09.605Z"},"title":"SourceCodester Doctor Appointment System Sign Up register.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Doctor Appointment System","versions":[{"version":"1.0","status":"affected"}],"modules":["Sign Up Page"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-02-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-02-26T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-02-26T21:41:40.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"waimanlo (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.348053","name":"VDB-348053 | SourceCodester Doctor Appointment System Sign Up register.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.348053","name":"VDB-348053 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.762427","name":"Submit #762427 | SourceCodester Doctor Appointment System 1 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/rayficom/Proof-of-Concept/blob/main/20260219/README.md","tags":["exploit"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-27T18:45:04.420037Z","id":"CVE-2026-3302","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-27T18:45:13.668Z"}}]}}