Soundar M

**Name of the Vulnerable Software and Affected Versions** Blood Bank & Donor Management version 2.2 **Description** The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the /bbdms/sign-up.php file. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Full Name`, `Message`, or `Address` parameters. This can be exploited by a remote attacker to conduct a cross-site scripting attack. **Recommendations** For Blood Bank & Donor Management version 2.2, consider disabling the /bbdms/sign-up.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `Full Name`, `Message`, or `Address` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.