PT-2023-32026 · Unknown · Online Blood Donation Management System
Published 2023-10-31 · Updated 2024-01-02 · CVE-2023-5306
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Online Blood Donation Management System version 1.0
Description
The issue concerns multiple Stored Cross-Site Scripting vulnerabilities. The city parameter of the "users/register.php" resource is copied into the "users/member.php" document as plain text between tags. Any input is echoed unmodified in the "users/member.php" response.
Recommendations
For Online Blood Donation Management System version 1.0, consider disabling the city parameter in the "users/register.php" resource until a patch is available to prevent exploitation. Restrict access to the "users/member.php" document to minimize the risk of Cross-Site Scripting attacks. Avoid using the city parameter in the affected resource until the issue is resolved.
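Because the stored city value is echoed unmodified between tags, the lasting fix is to HTML-encode it where "users/member.php" writes it out and to validate it where "users/register.php" accepts it. The PHP below is an added example, not code from the application; the function names, the allow-list and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Input side (registration handler): accept only values shaped like a place name.
// Assumed allow-list: starts with a letter, then letters, space, . ' - (64 chars max).
// Hypothetical helper, not a function of the application.
function normalize_city(string $raw): ?string
{
    $city = trim($raw);
    return preg_match('/^\p{L}[\p{L} .\'\-]{0,63}$/uD', $city) === 1 ? $city : null;
}

// Output side (member page): encode at the point of use. The value lands in
// HTML body context ("between tags"), so HTML entity encoding is the right
// encoder, and it also neutralises rows stored before validation existed.
// Hypothetical helper, not a function of the application.
function render_city(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values: two legitimate names, two containing markup.
$samples = ['Pune', "Xi'an", '<b>Pune</b>', '"><i>x</i>'];

foreach ($samples as $raw) {
    $accepted = normalize_city($raw) !== null ? 'yes' : 'no';
    // render_city() is applied to every value, accepted or not, to show
    // what the member page would emit for data already in the database.
    printf("%-12s accepted=%-3s rendered=%s\n", $raw, $accepted, render_city($raw));
}
```

Validation alone does not cover records saved before it was introduced, which is why the encoding step sits on the output path.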
Related Identifiers
Affected Products
Online Blood Donation Management System