CVE-2026-36324
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
29/05/2026
Last modified:
01/06/2026
Description
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/adhiyaksactf/MyCVE-Disclosures/blob/main/rems-DoctorAppointmentSystem/CVE-2026-36324/README.md
- https://www.sourcecodester.com/php/18453/doctor-appointment-system-using-php-and-mysql-source-code.html
- https://github.com/adhiyaksactf/MyCVE-Disclosures/blob/main/rems-DoctorAppointmentSystem/CVE-2026-36324/README.md



