Vendor: Blood Donor Management System
By: SoSPiro
CVSS: 3.1, MEDIUM
Vulnerability: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Blood Donor Management System
Affected Version From: v2.2
Affected Version To: v2.2
Patch Exists: NO
Related CWE:
CPE: a:phpgurukul:blood_donor_management_system:2.2
Platforms Tested: Windows
2023
Blood Bank & Donor Management System v2.2 – Stored XSS
The Blood Donor Management System v2.2 is vulnerable to stored XSS. By modifying certain input fields like 'Adress', 'Email id', or 'Contact Number' with a crafted payload, an attacker can trigger XSS when the affected page is loaded.
Mitigation:
To mitigate this vulnerability, input validation should be implemented to sanitize user-supplied data and prevent the execution of malicious scripts.
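A sketch of that mitigation for the three fields named above, as an added example that is not code from the product or from the advisory's author. The function names, array keys and the length and character policies are assumptions; output encoding is included as a second layer so that values already stored are rendered as text.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate the three fields the advisory names.
// Returns [clean values, errors]; the keys are assumptions, not the product's own.
function validate_donor_fields(array $in): array
{
    $clean = [];
    $errors = [];

    // Email: accept only syntactically valid addresses.
    $email = filter_var(trim((string)($in['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'invalid email address';
    } else {
        $clean['email'] = $email;
    }

    // Contact number: optional leading "+", then 7 to 15 digits (assumed policy).
    $phone = trim((string)($in['contact'] ?? ''));
    if (preg_match('/^\+?[0-9]{7,15}$/', $phone) === 1) {
        $clean['contact'] = $phone;
    } else {
        $errors['contact'] = 'invalid contact number';
    }

    // Address: free text, so use a character allow-list and a length limit (assumed).
    $address = trim((string)($in['address'] ?? ''));
    if (preg_match('/^[\p{L}\p{N} ,.\/#\-]{1,200}$/u', $address) === 1) {
        $clean['address'] = $address;
    } else {
        $errors['address'] = 'invalid address';
    }
    return [$clean, $errors];
}

// Encode on output so that stored values are rendered as text, never as markup.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: the address carries markup and is rejected.
$sample = ['email' => 'donor@example.com', 'contact' => '+15551234567',
           'address' => '12 Main St <script>/* constructed marker */</script>'];
[$clean, $errors] = validate_donor_fields($sample);
foreach ($clean as $field => $value) { echo $field, ': ', e($value), PHP_EOL; }
foreach ($errors as $field => $msg) { echo $field, ' rejected: ', $msg, PHP_EOL; }
```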