CVE-2025-63527

High CVSS: 8.5

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.

Vendor

Shridharshukl

Product

Blood Bank Management System

CWE

CWE-79

Yayın Tarihi

2025-12-01 15:15:51

Güncelleme

2025-12-02 03:05:14

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Blood Bank Management System HIGH Shridharshukl 2025

Referanslar

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing https://github.com/Shridharshukl/Blood-Bank-Management-System https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63527.md

Benzer Kayıtlar

High

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component…

Critical

CVE-2025-63535

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The applicati…

Critical

CVE-2025-63532

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The applic…

High

CVE-2025-63533

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php a…

Critical

CVE-2025-63525

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with esc…

High

CVE-2025-63526

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The…