Unknown · Blood Bank System · CVE-2024-9084
**Name of the Vulnerable Software and Affected Versions**
Blood Bank System version 1.0
**Description**
A problematic issue was found in Blood Bank System, affecting an unknown part of the file bbms.php. Manipulating the `fullname`, `age`, `bloodgroup`, `city`, `phno`, and `gender` arguments, which are passed as strings, leads to cross-site scripting (XSS). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
**Recommendations**
For version 1.0, consider disabling the vulnerable parts of the bbms.php file until a patch is available. Restrict access to the bbms.php file to minimize the risk of exploitation. Avoid using the `fullname`, `age`, `bloodgroup`, `city`, `phno`, and `gender` arguments in the affected API endpoints until the issue is resolved.
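For operators who maintain their own copy of the application, the following added example (not code from Blood Bank System or its author) shows the usual XSS mitigation applied to the six arguments named above: allow-list validation on input and HTML encoding on output. The function names, the accepted ranges and patterns, and the sample record are assumptions; how bbms.php actually handles these values is not described in this advisory.

```php
<?php
// Added example, not Blood Bank System code. Field names come from the advisory;
// the validation rules (ranges, patterns, allow-lists) are assumptions.
declare(strict_types=1);

const BLOOD_GROUPS = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];
const GENDERS      = ['male', 'female', 'other'];

/** Validate the six donor fields; returns [accepted values, rejected field names]. */
function validate_donor(array $in): array
{
    // Treat missing or non-string input (e.g. arrays from name[]=...) as empty.
    $str  = static fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    // Free text: Unicode letters, spaces and limited name punctuation, bounded length.
    $text = static fn(string $k, int $max): ?string =>
        preg_match('/^\p{L}[\p{L} .\'-]{0,' . ($max - 1) . '}$/uD', $str($k)) === 1 ? $str($k) : null;
    $age  = filter_var($str('age'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 18, 'max_range' => 65]]);

    $checked = [
        'fullname'   => $text('fullname', 100),
        'age'        => $age === false ? null : $age,
        'bloodgroup' => in_array($str('bloodgroup'), BLOOD_GROUPS, true) ? $str('bloodgroup') : null,
        'city'       => $text('city', 60),
        'phno'       => preg_match('/^\+?[0-9]{7,15}$/D', $str('phno')) === 1 ? $str('phno') : null,
        'gender'     => in_array(strtolower($str('gender')), GENDERS, true) ? strtolower($str('gender')) : null,
    ];
    $clean  = array_filter($checked, static fn($v) => $v !== null);
    $errors = array_keys(array_diff_key($checked, $clean));
    return [$clean, $errors];
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: the city value carries markup and must be rejected.
$sample = ['fullname' => "Ann O'Neil", 'age' => '29', 'bloodgroup' => 'O+',
           'city' => '<b>Pune</b>', 'phno' => '5550100123', 'gender' => 'female'];
[$donor, $rejected] = validate_donor($sample);

echo 'rejected: ', e(implode(', ', $rejected)), "\n";
foreach ($donor as $field => $value) {
    // Encode on output even after validation: the accepted apostrophe in the
    // name would otherwise break out of a single-quoted attribute.
    echo '<td>', e((string) $value), "</td>\n";
}
```

Validation alone is not sufficient because legitimate values such as names can contain quote characters, so the encoding step has to be applied wherever a stored value is written into a page.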