cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12982,https://securityvulnerability.io/vulnerability/CVE-2024-12982,Cross-Site Scripting Vulnerability in PHPGurukul Blood Bank & Donor Management System,"A vulnerability exists in the PHPGurukul Blood Bank & Donor Management System version 2.4 that enables attackers to exploit the system via cross-site scripting (XSS). This issue arises from inadequate handling of input in the application, particularly within the /bbdms/admin/update-contactinfo.php file, where manipulation of the 'Address' argument can lead to unauthorized script execution. The nature of this vulnerability allows potential attackers to execute malicious scripts in the context of the user’s browser when visiting specifically crafted pages, thus endangering user data and application integrity.",PHPgurukul,Blood Bank & Donor Management System,5.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2024-12-27T06:00:16.257Z,0
CVE-2024-12955,https://securityvulnerability.io/vulnerability/CVE-2024-12955,Cross-Site Request Forgery Vulnerability in PHPGurukul Blood Bank & Donor Management System,"A vulnerability has been identified in the PHPGurukul Blood Bank & Donor Management System version 2.4, specifically affecting the /logout.php file. This flaw allows for an attacker to exploit the application through cross-site request forgery (CSRF). As a result of this vulnerability, unauthorized users can potentially manipulate user sessions or perform actions on behalf of authenticated users without their consent. Given that the exploit can be initiated remotely, it is crucial for users of this system to assess their security measures and apply necessary patches or modifications to safeguard against potential attacks. For further details, users are advised to consult official advisories and consider implementing strict CSRF protections.",PHPgurukul,Blood Bank & Donor Management System,6.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-26T14:31:05.280Z,0
CVE-2024-0476,https://securityvulnerability.io/vulnerability/CVE-2024-0476,Blood Bank & Donor Management request-received-bydonar.php cross site scripting,"A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.",PHPgurukul,Blood Bank & Donor Management,4.8,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-01-13T05:31:03.000Z,true,false,false,,2024-01-13T05:31:03.112Z,0
CVE-2024-0459,https://securityvulnerability.io/vulnerability/CVE-2024-0459,Blood Bank & Donor Management request-received-bydonar.php sql injection,"A vulnerability has been identified in Blood Bank & Donor Management 5.6, located in the file /admin/request-received-bydonar.php. This vulnerability can be exploited to perform SQL injection, allowing an attacker to manipulate database queries remotely. The exploit has been publicly disclosed, indicating that potential risks to the integrity of sensitive data are significant. Organizations using this software version should consider immediate action to mitigate the risk associated with this vulnerability.",PHPgurukul,Blood Bank & Donor Management,7.2,HIGH,0.0013200000394135714,false,,false,false,true,2024-01-12T15:31:03.000Z,true,false,false,,2024-01-12T15:31:03.855Z,0
CVE-2023-41575,https://securityvulnerability.io/vulnerability/CVE-2023-41575,Stored Cross-Site Scripting Vulnerabilities in Blood Bank & Donor Management by Soundarkutty,"The Blood Bank & Donor Management software version 2.2 contains multiple stored cross-site scripting vulnerabilities. Attackers can exploit these flaws by injecting malicious scripts through the Full Name, Message, or Address parameters on the sign-up page. If successfully executed, these scripts can lead to the execution of arbitrary web scripts or HTML in the context of the user's session, potentially compromising sensitive information or manipulating the user interface.",PHPgurukul,Blood Bank & Donor Management System,5.4,MEDIUM,0.0004799999878741801,false,,false,false,true,2023-08-26T09:26:35.000Z,true,false,false,,2023-09-08T00:00:00.000Z,0