CVE-2024-0476 – Blood Bank & Donor Management request-received-bydonar.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0476
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing https://vuldb.com/?ctiid.250581 https://vuldb.com/?id.250581
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0459 – Blood Bank & Donor Management request-received-bydonar.php sql injection
https://notcve.org/view.php?id=CVE-2024-0459
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing https://vuldb.com/?ctiid.250564 https://vuldb.com/?id.250564
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41575
https://notcve.org/view.php?id=CVE-2023-41575
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
• https://github.com/soundarkutty/Stored-xss/blob/main/poc
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')