PT-2023-29263 · Unknown · Online Blood Donation Management System
Published 2023-10-31 · Updated 2024-01-02 · CVE-2023-44486
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Online Blood Donation Management System version 1.0
Description
The issue concerns multiple Stored Cross-Site Scripting vulnerabilities. The address parameter of the "users/register.php" endpoint is vulnerable, as its input is copied into the application's response without proper validation or sanitization.
Recommendations
For Online Blood Donation Management System version 1.0, consider validating and sanitizing user input for the address parameter in the "users/register.php" endpoint to prevent Cross-Site Scripting attacks. As a temporary workaround, restrict access to the "users/register.php" endpoint until a proper fix is applied.
Exploit
Related Identifiers
Affected Products
Online Blood Donation Management System
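The recommendation above for the address parameter of "users/register.php", shown in PHP as an added example that is not the application's own code. The helper names validate_address() and render_address(), the 200-character limit and the allowed character set are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names, limit and character set are assumptions.
const ADDRESS_MAX_LEN = 200;

/**
 * Input side: validate the submitted address before it is stored.
 * Returns the normalised value, or null when the input must be rejected.
 */
function validate_address($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. address[]=x arrives as an array
    }
    // Collapse whitespace runs; invalid UTF-8 makes preg_replace return null.
    $value = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    // Allow-list: letters, digits, space and common address punctuation.
    $pattern = '/^[\p{L}\p{N} .,#\/\'-]{1,' . ADDRESS_MAX_LEN . '}\z/u';
    return preg_match($pattern, $value) === 1 ? $value : null;
}

/**
 * Output side: encode the stored value for an HTML text or attribute context.
 * ENT_QUOTES matters because the allow-list above still permits apostrophes.
 */
function render_address(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions for the address field.
$samples = [
    "12 O'Connor St,   Apt #4",
    '<script>alert(1)</script>',
    ['unexpected' => 'array'],
];
foreach ($samples as $raw) {
    $clean = validate_address($raw);
    echo $clean === null
        ? "rejected\n"
        : 'stored, rendered as: ' . render_address($clean) . "\n";
}

// A row saved before validation existed is still neutralised when rendered.
echo render_address('<script>alert(1)</script>'), "\n";
```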