CVE-2026-11468

SourceCodester Hospitals Patient Records Management System page room_types cross site scripting

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79 CWE-94

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Hospitals Patient Records Management System

public PoCs found — 1

cve_referencegithub.com/jqr1449186277/CVE/issues/2unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/jqr1449186277/CVE/issues/2 https://vuldb.com/cve/CVE-2026-11468 https://vuldb.com/submit/833776 https://vuldb.com/vuln/369088 https://vuldb.com/vuln/369088/cti https://www.sourcecodester.com/