PT-2023-5660 · Unknown · Blood Bank & Donor Management

Soundar M · Published 2023-09-08 · Updated 2023-11-14 · CVE-2023-41575

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Blood Bank & Donor Management version 2.2

Description
The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the /bbdms/sign-up.php file. A crafted payload supplied in the Full Name, Message, or Address parameter is stored by the application and later rendered without encoding, which allows arbitrary web script or HTML to execute in the browser of any user who views it. A remote attacker can use this to conduct a cross-site scripting attack.

Recommendations
For Blood Bank & Donor Management version 2.2, consider disabling the /bbdms/sign-up.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the Full Name, Message, or Address parameters of the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
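The root cause described above is stored user input echoed back into HTML without output encoding. The following PHP snippet is an added example, not code from the Blood Bank & Donor Management project: it shows the vulnerable rendering pattern next to a hardened one, plus a server-side validation step for the three fields named in the advisory. The form field names (`fullname`, `address`, `message`) and the length limits are assumptions for illustration.

```php
<?php
// Added example (not the project's code): stored-XSS-safe handling of the
// sign-up fields named in the advisory. Field names and limits are assumed.

declare(strict_types=1);

// Vulnerable pattern: the stored value is interpolated into HTML verbatim,
// so any markup the submitter stored is interpreted by the viewer's browser.
function render_unsafe(string $stored): string {
    return "<td>$stored</td>";
}

// Hardened pattern: contextual output encoding at the point of rendering.
// ENT_QUOTES covers attribute contexts, ENT_SUBSTITUTE avoids silently
// dropping invalid byte sequences, and the charset is fixed to UTF-8.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_safe(string $stored): string {
    return '<td>' . h($stored) . '</td>';
}

// Input-side validation on submission: a character allowlist and length cap
// for Full Name, length caps for Address and Message. Validation narrows the
// attack surface; output encoding remains the primary control.
function validate_signup(array $post): array {
    $errors = [];

    $name = trim((string)($post['fullname'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100
        || !preg_match("/^[\p{L} .'-]+$/u", $name)) {
        $errors['fullname'] = 'Full Name must be 1-100 letters, spaces, dots, hyphens or apostrophes.';
    }

    foreach (['address' => 255, 'message' => 1000] as $field => $max) {
        $value = (string)($post[$field] ?? '');
        if (mb_strlen($value) > $max) {
            $errors[$field] = ucfirst($field) . " must not exceed $max characters.";
        }
    }

    return $errors;
}

// Demonstration with a constructed sample value.
$sample = 'Jane <b onmouseover="marker()">Doe</b>';
echo render_unsafe($sample), "\n"; // the <b> element and its handler reach the browser as markup
echo render_safe($sample), "\n";   // the same characters reach the browser as inert text
print_r(validate_signup(['fullname' => $sample, 'address' => '1 Main St', 'message' => 'hello']));
```

Encoding is applied where the value is written into the page, not where it is stored, so the same stored record stays safe whichever template later displays it. Rejecting the sample at the Full Name allowlist is a secondary line of defence; free-text fields such as Message legitimately contain characters like `<` and `'`, so they must rely on output encoding rather than filtering.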

Exploit: XSS

Weakness Enumeration

Related Identifiers
BDU:2023-06327
CVE-2023-41575

Affected Products
Blood Bank & Donor Management