Blood Bank Management System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Blood Bank Management System version 1.0. The issue resides in the updateprofile.php and rprofile.php components, where user input is not properly sanitized or encoded before being displayed. This flaw allows attackers to inject malicious JavaScript into several parameters, including rname, remail, rpassword, rphone, and rcity. When the affected page is viewed, the injected scripts are executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the victim's browser.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the rprofile.php page. Update the profile by injecting a script into one of the vulnerable parameters. Once the profile is updated, the injected script will execute in the browser.