CVE-2023-44484

Name of the Vulnerable Software and Affected Versions Online Blood Donation Management System version 1.0

Description The issue concerns a Stored Cross-Site Scripting vulnerability. Specifically, the firstName parameter of the "users/register.php" resource is copied into the "users/member.php" document as plain text between tags. Any input is echoed unmodified in the "users/member.php" response.

Recommendations For Online Blood Donation Management System version 1.0, as a temporary workaround, consider validating and sanitizing the firstName parameter in the "users/register.php" resource to prevent malicious input from being echoed in the "users/member.php" response. Restrict access to the "users/member.php" document to minimize the risk of exploitation. Avoid using the firstName parameter in the affected resource until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.