Vulnerabilities ›

CVE-2026-3302

Medium ⚡ Exploit Available

A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing

CWE-79 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

4.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

🤖 AI Executive Summary

A cross-site scripting (XSS) vulnerability exists in SourceCodester Doctor Appointment System 1.0 in the /register.php file's Email parameter. Remote attackers can exploit this to inject malicious scripts affecting users during the sign-up process.

📄 Description (Arabic)

ثغرة حقن نصوص برمجية (XSS) في نموذج التسجيل بنظام حجز المواعيد الطبية تسمح بتنفيذ كود JavaScript ضار. يمكن للمهاجمين استخدام هذه الثغرة لسرقة بيانات المستخدمين أو جلسات العمل أو إعادة توجيه المستخدمين إلى مواقع خطرة.

🤖 ملخص تنفيذي (AI)

ثغرة حقن نصوص برمجية (XSS) موجودة في نظام SourceCodester لحجز المواعيد الطبية الإصدار 1.0 في ملف /register.php وحقل البريد الإلكتروني. يمكن للمهاجمين البعيدين استغلال هذه الثغرة لحقن نصوص ضارة تؤثر على المستخدمين أثناء التسجيل.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 07:27

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

healthcare government

🎯 MITRE ATT&CK Techniques

T1190 T1566

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update SourceCodester Doctor Appointment System to the latest patched version. Implement input validation and sanitization for the Email parameter. Apply output encoding for all user inputs. Deploy Web Application Firewall (WAF) rules to detect and block XSS attempts. Conduct security code review of the /register.php file.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام SourceCodester لحجز المواعيد الطبية إلى أحدث إصدار معدل. طبق التحقق من صحة المدخلات وتنظيفها لحقل البريد الإلكتروني. طبق ترميز الإخراج لجميع مدخلات المستخدم. نشر قواعد جدار حماية تطبيقات الويب لكشف ومنع محاولات XSS. أجر مراجعة أمان شاملة لملف /register.php.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.6.1

🔵 SAMA CSF

ID.GV-4 PR.DS-1 PR.DS-6

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://github.com/rayficom/Proof-of-Concept/blob/main/20260219/README.md

cna@vuldb.com

Exploit Third Party Advisory

🔗

https://vuldb.com/?ctiid.348053

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.348053

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.762427

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://www.sourcecodester.com/

cna@vuldb.com

Product

📦 Affected Products / CPE 1 entries

remyandrade:doctor_appointment_system:1.0

📊 CVSS Score

4.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score4.3

CWECWE-79

EPSS0.03%

Exploit ✓ Yes

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

exploit-available CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-3302

💬 Comments

Introduce Yourself

Sign In Required