CVE-2023-46015
https://notcve.org/view.php?id=CVE-2023-46015
Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. • https://github.com/ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46017 – Blood Bank 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-46017
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. Blood Bank version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021. • https://github.com/ersinerenler/CVE-2023-46017-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')