Blood Bank Management System Vulnerable to Cross-Site Scripting
CVE-2024-9803

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 10 October 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

A cross-site scripting (XSS) vulnerability exists in Code-Projects Blood Bank Management System version 1.0, in the file blooddetails.php. The flaw arises from improper handling of the Availibility parameter: an attacker can remotely manipulate this input so that arbitrary script executes in the context of a user's session. Other parameters in the same file could also be susceptible to similar attacks, so the application needs prompt attention.

Affected Version(s)

Blood Bank Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

cookie7069 (VulDB User)
CVE-2024-9803 : Blood Bank Management System Vulnerable to Cross-Site Scripting | SecurityVulnerability.io