Cross Site Scripting Vulnerability in Blood Bank System by Code-Projects
CVE-2025-1957
Key Information:
- Vendor
- Code-projects
- Status
- Vendor
- CVE Published:
- 4 March 2025
Badges
Summary
A security vulnerability was identified in the Blood Bank System 1.0, specifically targeting the /BBfile/Blood/o+.php file. This flaw allows attackers to manipulate the Bloodname parameter, facilitating cross site scripting (XSS) attacks. As exploitation can occur remotely, it poses a significant risk to systems utilizing this product. The vulnerability has been made public, and users are advised to implement necessary security measures to safeguard against potential exploits.
Affected Version(s)
Blood Bank System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved