
CVE-2024-12982 – PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross-site scripting
https://notcve.org/view.php?id=CVE-2024-12982
27 Dec 2024 — A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross-site scripting. The attack may be launched remotely. • https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-12955
26 Dec 2024 — A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization