Blood Bank Management System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Blood Bank Management System version 1.0. The issue arises in the file '/user_dashboard/donor.php', where the 'name' parameter can be manipulated to inject malicious JavaScript. This injected script is executed in the context of the user or administrator session, potentially leading to unauthorized actions or data exposure.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user or administrator.

Reproduction

To reproduce this vulnerability, log into the application as a user with low privileges. Navigate to the 'donor.php' page and click on 'Donate Blood'. Inject an XSS payload into the 'Name' field. Once the form is submitted, the injected script will be executed when the 'donor.php' page is accessed again.