Cross Site Scripting Vulnerability in Blood Bank System by Code-Projects
CVE-2025-1904
5.1MEDIUM
Summary
A cross site scripting vulnerability exists within the Blood Bank System 1.0 due to improper handling of input in the file /Blood/A+.php. By manipulating the 'Availibility' argument, an attacker can execute arbitrary JavaScript code in the context of the user's session. This vulnerability allows for potential remote attacks, which can compromise user data and lead to various malicious actions on the site.
Affected Version(s)
Blood Bank System 1.0
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
lokihardk (VulDB User)