CVE-2025-63533

Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0

Description The application does not properly sanitize or encode user-supplied input before rendering it, leading to a cross-site scripting (XSS) issue. An attacker can inject malicious JavaScript payloads through the rname, remail, rpassword, rphone, and rcity parameters in the updateprofile.php and rprofile.php components. When a victim views the affected page, the injected code is executed in their browser.

Recommendations Blood Bank Management System version 1.0: Properly sanitize and encode all user-supplied input before rendering it in the updateprofile.php and rprofile.php components. Specifically, address the rname, remail, rpassword, rphone, and rcity parameters to prevent malicious code injection.