
CVE-2024-12982 – PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12982
27 Dec 2024 — A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. • https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-12955
26 Dec 2024 — A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •

CVE-2024-0476 – Blood Bank & Donor Management request-received-bydonar.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0476
13 Jan 2024 — A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0459 – Blood Bank & Donor Management request-received-bydonar.php sql injection
https://notcve.org/view.php?id=CVE-2024-0459
12 Jan 2024 — A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-41575
https://notcve.org/view.php?id=CVE-2023-41575
08 Sep 2023 — Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. • https://github.com/soundarkutty/Stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •