Platform
php
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability, tracked as CVE-2025-2049, has been identified in code-projects Blood Bank System version 1.0. The flaw resides in the file AB+.php and is triggered by manipulating the Bloodname argument. Successful exploitation lets a remote attacker inject script into the page served to another user, putting that user's session and the integrity of the data they handle at risk. The vulnerability is fixed in version 1.0.1.
The XSS vulnerability in Blood Bank System allows an attacker to inject arbitrary JavaScript into the application. That script executes in the context of a victim's browser when the victim loads a page carrying the injected value. An attacker could use this to steal session cookies, perform actions with the victim's privileges, redirect users to malicious sites, or deface the application. The impact is more serious where the Blood Bank System handles sensitive patient or donor data, since a hijacked staff session may expose that information. The attack is remote in the sense that it needs only network access to the application, but it still requires a victim user to load the crafted request (for example by following a link).
This vulnerability was publicly disclosed on 2025-03-06. Because the affected file and parameter are public, a proof-of-concept request is trivial to construct. The CVSS score of 3.5 (LOW) is a severity rating, not an exploitation probability: it reflects that user interaction is required and that the impact is confined to the victim's browser. The EPSS estimate of 0.12% (30th percentile) does speak to exploitation likelihood, and it is low. Even so, the request is easy to craft and the target data is sensitive, so prompt remediation is warranted. No KEV listing or confirmed exploitation campaigns are currently known.
Organizations and individuals running Blood Bank System version 1.0 are at risk. This includes healthcare providers, blood banks, and any entity relying on this system for managing blood-related data. Because XSS executes in the victim's browser, the population at risk is the application's users rather than the hosting server; the highest-value targets are staff or administrator accounts whose sessions and privileges an attacker would seek to hijack.
• php / server (search the deployed code for the unescaped read of the parameter; the pattern is a fixed string, so quote it so the shell does not expand $_GET):
    grep -rnF "\$_GET['Bloodname']" /var/www/html/
• generic web (fetch the page body, not just headers, with a URL-encoded marker payload; if grep prints the line, the value is reflected without encoding and the instance is vulnerable):
    curl -s 'http://your-blood-bank-system/AB+.php?Bloodname=%3Cscript%3Ealert(1)%3C%2Fscript%3E' | grep -F '<script>alert(1)</script>'
Disclosure
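The checks above confirm whether an instance is vulnerable; the complementary question for an operations team is whether anyone has already tried it. The script below is an added example (not part of the advisory or of the Blood Bank System) that triages web-server access logs for requests to AB+.php whose Bloodname value, after percent-decoding, contains HTML tag or event-handler markup. The log lines are constructed for the example and assume the common "combined" log format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hunt for CVE-2025-2049 exploitation attempts in access logs.
# SAMPLE_LOG is constructed for this example (combined log format assumed).
SAMPLE_LOG='203.0.113.10 - - [06/Mar/2025:10:00:01 +0000] "GET /AB+.php?Bloodname=A%2B HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [06/Mar/2025:10:00:02 +0000] "GET /AB+.php?Bloodname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "curl/8.0"
203.0.113.12 - - [06/Mar/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 200 "-" "Mozilla/5.0"
203.0.113.13 - - [06/Mar/2025:10:00:04 +0000] "GET /AB+.php?Bloodname=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E HTTP/1.1" 200 700 "-" "Mozilla/5.0"'

# url_decode: percent-decode each line of stdin in portable awk.
# Payloads are almost always percent-encoded in logs, so matching on the raw
# line would miss "%3Cscript%3E"; decoding first closes that gap.
url_decode() {
    awk '
    function hexval(c) { return index("0123456789ABCDEF", toupper(c)) - 1 }
    {
        out = ""
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "%" && i + 2 <= n) {
                h1 = substr($0, i + 1, 1); h2 = substr($0, i + 2, 1)
                if (hexval(h1) >= 0 && hexval(h2) >= 0) {
                    out = out sprintf("%c", hexval(h1) * 16 + hexval(h2))
                    i += 2
                    continue
                }
            }
            out = out c
        }
        print out
    }'
}

# extract_bloodname_values LOGTEXT: print the decoded Bloodname value of every
# request to AB+.php, one per line (other paths are ignored).
extract_bloodname_values() {
    printf '%s\n' "$1" \
    | grep -F '/AB+.php?' \
    | sed -n 's/.*[?&]Bloodname=\([^ &"]*\).*/\1/p' \
    | url_decode
}

# count_xss_attempts LOGTEXT: number of AB+.php requests whose decoded
# Bloodname contains a tag opener, an on* event handler, or a javascript: URL.
# These are the same signatures a WAF rule for this parameter would key on.
count_xss_attempts() {
    extract_bloodname_values "$1" \
    | grep -c -i -E '<[a-z/!]|on[a-z]+[[:space:]]*=|javascript:' || true
}

# Stand-alone run: print the decoded values, then the number of attempts.
extract_bloodname_values "$SAMPLE_LOG"
count_xss_attempts "$SAMPLE_LOG"
```

Run it against a real log with `count_xss_attempts "$(cat /var/log/apache2/access.log)"`; a non-zero count means the Bloodname parameter has received markup, which is never legitimate for a blood-group name and should be treated as an attempted exploit.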
Exploit status
EPSS: 0.12% (30th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-2049 is to upgrade to version 1.0.1 of the Blood Bank System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Bloodname parameter in AB+.php to sanitize user-supplied data. While not a complete solution, this can reduce the risk of successful exploitation. Additionally, consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly review and update security policies and conduct penetration testing to identify and address potential vulnerabilities.
Update to a patched version or apply the necessary security measures to prevent execution of XSS code. Validate and sanitize user input, in particular the Bloodname parameter in the file AB+.php. Implement a Content Security Policy (CSP) to reduce XSS risk.
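To make the interim fix concrete, the following PHP is an added example and is not the Blood Bank System's own code. The vulnerable shape is assumed from the page's own detection pattern (AB+.php reads $_GET['Bloodname'] and echoes it into the HTML); the function names, the allow-list of blood groups, and the CSP values are assumptions chosen for illustration, and the payload is constructed.

```php
<?php
// Added example, not code from Blood Bank System.
// Assumed vulnerable shape of AB+.php 1.0: the GET parameter is interpolated
// straight into markup, so a value containing "<script>" becomes a script tag.
function render_vulnerable(array $get): string
{
    $Bloodname = $get['Bloodname'] ?? '';
    return "<h2>Blood group: $Bloodname</h2>";
}

// Minimum fix: output encoding. htmlspecialchars() with ENT_QUOTES turns
// < > & " ' into entities, so the browser renders the value as text.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// which would otherwise silently blank the output on malformed input.
function render_encoded(array $get): string
{
    $Bloodname = $get['Bloodname'] ?? '';
    $safe = htmlspecialchars($Bloodname, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h2>Blood group: $safe</h2>";
}

// Stronger fix: input validation against an allow-list, then encode anyway.
// Blood group names form a closed set (assumed list), so any other value is
// rejected rather than sanitised. Encoding is kept as defence in depth in
// case the list ever grows to include a value with special characters.
const BLOOD_GROUPS = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];

function render_validated(array $get): string
{
    $raw = $get['Bloodname'] ?? '';
    if (!in_array($raw, BLOOD_GROUPS, true)) {
        http_response_code(400);
        return '<h2>Invalid blood group</h2>';
    }
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h2>Blood group: $safe</h2>";
}

// CSP as a further layer: with no 'unsafe-inline', an injected inline script
// is blocked even if an encoding bug slips through. Must be sent before any
// output. Directive values are illustrative and need tuning per deployment.
function send_security_headers(): void
{
    if (!headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
        header('X-Content-Type-Options: nosniff');
    }
}

// Demonstration with a constructed payload.
$payload = ['Bloodname' => '"><script>alert(1)</script>'];

send_security_headers();
echo render_vulnerable($payload), "\n";  // script tag lands in the page verbatim
echo render_encoded($payload), "\n";     // rendered as &quot;&gt;&lt;script&gt;... (inert text)
echo render_validated($payload), "\n";   // rejected: not in the allow-list
echo render_validated(['Bloodname' => 'AB+']), "\n"; // allowed and still encoded
```

The allow-list is the fix to prefer: it matches the data model (a blood group is one of a handful of known strings) and removes the parameter as an injection vector entirely, while the encoding and CSP layers limit the damage if a future change reintroduces raw output elsewhere.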
CVE-2025-2049 is a cross-site scripting (XSS) vulnerability in Blood Bank System version 1.0, allowing attackers to inject malicious scripts via the Bloodname parameter in AB+.php.
You are affected if you are using Blood Bank System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the Bloodname parameter.
While no confirmed exploitation campaigns are currently known, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-2049.