Cross-Site Scripting Vulnerability in Code-Projects Blood Bank System
CVE-2024-12000
Key Information
- Vendor
- Code-projects
- Status
- Blood Bank System
- Vendor
- CVE Published:
- 30 November 2024
Badges
Summary
CVE-2024-12000 identifies a critical Cross-Site Scripting (XSS) vulnerability within the Blood Bank System version 1.0 developed by Code-Projects. The vulnerability resides in the /controllers/updatesettings.php file, specifically affecting the setting handler component. Attackers can exploit this vulnerability by manipulating the 'firstname' parameter, enabling remote execution of malicious scripts in the context of the user's session. This vulnerability poses significant security risks as it may allow unauthorized actions to be performed, potentially compromising sensitive user data. Immediate action is recommended to mitigate the risk associated with this exploitable issue.
Affected Version(s)
Blood Bank System = 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved