PT-2025-9714 · Code Projects · Code-Projects Blood Bank System

Xianghongli

Published

2025-03-04

Updated

2025-03-05

CVE-2025-1957

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions code-projects Blood Bank System version 1.0

Description A problematic issue was discovered in the code, affecting the /BBfile/Blood/o+.php file. The manipulation of the Bloodname argument leads to cross-site scripting. This issue can be initiated remotely.

Recommendations For code-projects Blood Bank System version 1.0, consider restricting access to the o+.php file or disabling the manipulation of the Bloodname argument to minimize the risk of exploitation.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2025-1957

Affected Products

Code-Projects Blood Bank System

PT-2025-9714 · Code Projects · Code-Projects Blood Bank System

CVE-2025-1957

Weakness Enumeration

Related Identifiers

Affected Products

References · 10