CVE-2024-12982

Name of the Vulnerable Software and Affected Versions PHPGurukul Blood Bank & Donor Management System version 2.4

Description A problem has been found in the system, affecting some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the Address argument leads to cross site scripting. The attack may be launched remotely.

Recommendations For PHPGurukul Blood Bank & Donor Management System version 2.4, as a temporary workaround, consider restricting access to the /bbdms/admin/update-contactinfo.php file until a patch is available. Avoid using the Address argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.