PT-2025-9714 · Code Projects · Code-Projects Blood Bank System

Xianghongli

Publicado

2025-03-04

Atualizado

2025-03-05

CVE-2025-1957

CVSS v4.0

5.1

Média

Vetor

AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions code-projects Blood Bank System version 1.0

Description A problematic issue was discovered in the code, affecting the /BBfile/Blood/o+.php file. The manipulation of the Bloodname argument leads to cross-site scripting. This issue can be initiated remotely.

Recommendations For code-projects Blood Bank System version 1.0, consider restricting access to the o+.php file or disabling the manipulation of the Bloodname argument to minimize the risk of exploitation.

Exploit

Correção

Code Injection

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-79

Identificadores relacionados

CVE-2025-1957

Produtos afetados

Code-Projects Blood Bank System

PT-2025-9714 · Code Projects · Code-Projects Blood Bank System

CVE-2025-1957

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10