PT-2024-39850 · Code Projects · Code-Projects Blood Bank System
Sqliii
·
Published
2024-10-10
·
Updated
2024-10-15
·
CVE-2024-9805
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
code-projects Blood Bank System version 1.0
Description
A problem was found in the processing of the file "/admin/campsdetails.php". The manipulation of the argument
hospital/address/city/contact leads to cross-site scripting. The attack may be initiated remotely.Recommendations
For code-projects Blood Bank System version 1.0, consider restricting access to the "/admin/campsdetails.php" file until a fix is available. As a temporary workaround, avoid using the
hospital parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Code-Projects Blood Bank System