CVE-2025-63528

Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0

Description The application does not properly sanitize or encode user-supplied input before rendering it, leading to a cross-site scripting (XSS) issue. An attacker can inject malicious JavaScript payloads into the error parameter within the blooddinfo.php component. When a victim views the page, this injected script is executed in their browser.

Recommendations Blood Bank Management System version 1.0: Properly sanitize or encode all user-supplied input before rendering it in the application to prevent XSS attacks. Specifically, address the lack of input validation and output encoding in the blooddinfo.php component related to the error parameter.