Blood Bank Management System Cross-Site Scripting Vulnerability in abs.php

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System, in the abs.php component. The page writes the value of the msg parameter into its HTML output without sanitizing or encoding it, so an attacker can supply JavaScript in msg and have it execute in the browser of any user who views the resulting page.

Impact

An injected script runs in the origin of the application, with the privileges of the user viewing the page. In that position it can read cookies that are not flagged HttpOnly (the reproduction below displays document.cookie), read and alter page content, and send requests to the application as the logged-in user.

Reproduction

To reproduce, log into the Blood Bank Management System and open the abs.php page. Supply a script as the value of the msg parameter, for example a <script> tag whose body is alert(document.cookie). When the page loads, the injected script executes and the alert shows the cookies visible to JavaScript, confirming the vulnerability. Viewing the page source and finding the payload present with its angle brackets unencoded confirms the cause: the parameter is emitted without output encoding.
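The following PHP is an added illustration of the defect class and its fix; it is not the project's abs.php, which is not reproduced here. Only the parameter name msg comes from the advisory; the function names, the surrounding markup and the sample payload are assumptions made for the example.

```php
<?php
// Added illustration, not code from the Blood Bank Management System.
// Only the "msg" parameter name is taken from the advisory; the function
// names, markup and payload below are assumptions for the example.

// Vulnerable pattern: the raw parameter value is concatenated into HTML,
// so any markup or <script> in it is parsed and executed by the browser.
function render_message_vulnerable(string $msg): string
{
    return '<div class="alert">' . $msg . '</div>';
}

// Hardened pattern: encode for the HTML text context before output.
// ENT_QUOTES also encodes ' and ", so the same helper is safe for values
// placed inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of silently returning an empty string.
function render_message_safe(string $msg): string
{
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="alert">' . $encoded . '</div>';
}

// Constructed payload of the kind the advisory describes.
$payload = '<script>alert(document.cookie)</script>';

if (PHP_SAPI === 'cli') {
    // Run from the command line to compare the two outputs side by side.
    echo 'vulnerable: ', render_message_vulnerable($payload), PHP_EOL;
    echo 'hardened:   ', render_message_safe($payload), PHP_EOL;
    $safe = strpos(render_message_safe($payload), '<script') === false;
    echo 'hardened output contains no <script tag: ', $safe ? 'yes' : 'no', PHP_EOL;
} else {
    // Inside a web page, read the parameter and emit only the encoded form.
    $msg = $_GET['msg'] ?? '';
    echo render_message_safe($msg);
}
```

Output encoding is context-specific: htmlspecialchars covers HTML text and quoted attribute values, but if msg were placed inside a JavaScript string, a URL, or an unquoted attribute, that context would need its own encoding. Flagging the session cookie HttpOnly removes the document.cookie disclosure shown in the reproduction but does not stop an injected script from acting as the user, and a Content-Security-Policy that disallows inline script is a useful second layer; neither replaces the encoding fix.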

Added: Dec 1, 2025, 3:24 PM
Updated: Dec 1, 2025, 8:32 PM

Vulnerability Rating

Custom Algorithm

spread          0.3
impact          1.7
exploitability  7.4
remediation     0.0
relevance       1.2
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.