Cross-Site Scripting Vulnerability in Code-Projects Blood Bank System
CVE-2025-1579
Key Information:
- Vendor
- Code-projects
- Status
- Vendor
- CVE Published:
- 23 February 2025
Badges
Summary
A cross-site scripting vulnerability exists in the Blood Bank System 1.0 developed by Code-Projects, specifically affecting the /admin/user.php file. This issue arises from inadequate sanitization of the 'email' parameter, allowing attackers to inject malicious scripts. The exploitation can be performed remotely, posing a significant risk to users and their data. Given the public disclosure of this vulnerability, it is critical to implement security measures immediately to mitigate potential attacks.
Affected Version(s)
Blood Bank System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved