MEDIUM
Codekernel
CVE published 2026-05-16
CVE-2020-37240
CVE-2020-37240 describes a stored cross-site scripting issue in Queue Management System 4.0.0. According to the supplied NVD-derived description, authenticated administrators can place JavaScript payloads into the First Name, Last Name, and Email fields during user creation, and the payloads execute when the User List page is viewed. This is a classic CWE-79 pattern: attacker-controlled input is persisted [truncated]