exploitDog

CVE-2025-63528

Опубликовано: 01 дек. 2025

Источник: nvd

CVSS3: 8.5

CVSS3: 5.4

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed.

Ссылки

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
Exploit
Third Party Advisory
https://github.com/Shridharshukl/Blood-Bank-Management-System
Product
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63528.md
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

8.5 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-gxx6-rxxx-3fpc

CVSS3: 8.5

github

2 месяца назад

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed.

EPSS

Процентиль: 10%

0.00036

Низкий

8.5 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79