Mdsmith49

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Blood Bank Management System version 1.0 **Description** A problem was found in the processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument `Address/bloodgroup` leads to cross site scripting. The attack may be initiated remotely. **Recommendations** For itsourcecode Online Blood Bank Management System version 1.0, consider restricting access to the `/request.php` file until a patch is available. As a temporary workaround, avoid using the `Address/bloodgroup` argument in the Send Blood Request Page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Blood Bank Management System version 1.0 **Description** A critical vulnerability has been found in the itsourcecode Online Blood Bank Management System. This issue affects the /admin/index.php file of the Admin Login component. The manipulation of the `user` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For itsourcecode Online Blood Bank Management System version 1.0, patch the system immediately to prevent SQL injection attacks. Additionally, check for any potential compromise. As a temporary workaround, consider restricting access to the /admin/index.php endpoint until a patch is applied. Avoid using the `user` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Blood Bank Management System version 1.0 **Description** A problematic issue was found in the itsourcecode Online Blood Bank Management System, affecting the User Registration Handler component, specifically the file signup.php. The manipulation of the `user` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For itsourcecode Online Blood Bank Management System version 1.0, consider disabling the User Registration Handler component or restricting access to the signup.php file until a patch is available. As a temporary workaround, avoid using the `user` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.