5 results (0.009 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing https://vuldb.com/?ctiid.250581 https://vuldb.com/?id.250581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing https://vuldb.com/?ctiid.250564 https://vuldb.com/?id.250564 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado en /bbdms/sign-up.php de Blood Bank & Donor Management v2.2 permiten a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en los parámetros Nombre completo, Mensaje o Dirección. • https://github.com/soundarkutty/Stored-xss/blob/main/poc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. PHPGurukul Blood Donor Management System 1.0 no restringe adecuadamente el acceso a admin/dashboard.php, lo que permite a los atacantes acceder a todos los datos de los usuarios, eliminarlos, agregar y administrar grupos sanguíneos y enviar informes. • https://github.com/RashidKhanPathan/CVE-2022-38813 https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0 https://phpgurukul.com/blood-donor-management-system-using-codeigniter • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •