Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.
https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
https://github.com/aznull/CVEs
http://packetstormsecurity.com/files/168211/Doctors-Appointment-System-1.0-Cross-Site-Scripting.html