PT-2024-39418 · Unknown · Blood Bank System
Kev1Nk · Published 2024-09-22 · Updated 2025-08-19
CVE-2024-9084
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Blood Bank System version 1.0
Description
A problematic issue was found in the Blood Bank System, affecting unknown parts of the bbms.php file. Manipulating the fullname, age, bloodgroup, city, phno, and gender arguments as part of a string leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For version 1.0, consider disabling the vulnerable parts of the bbms.php file until a patch is available. Restrict access to the bbms.php file to minimize the risk of exploitation. Avoid using the fullname, age, bloodgroup, city, phno, and gender arguments in the affected API endpoints until the issue is resolved.
Affected Products
Blood Bank System