Cross-Site Scripting Vulnerability in PHPGurukul Blood Bank & Donor Management System
CVE-2024-12982

5.1 MEDIUM

Key Information:

Vendor: PHPgurukul
CVE Published: 27 December 2024

Summary

The PHPGurukul Blood Bank & Donor Management System version 2.4 is vulnerable to cross-site scripting (XSS). The issue arises from inadequate handling of input in the application, particularly within the /bbdms/admin/update-contactinfo.php file, where manipulation of the 'Address' argument can lead to unauthorized script execution. An attacker's script then runs in the context of a user's browser when that user visits a specifically crafted page, endangering user data and application integrity.

Affected Version(s)

Blood Bank & Donor Management System 2.4

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kwangyun Keum
Lo1x (VulDB User)