A cross-site scripting (XSS) vulnerability has been identified in the Blood Bank System, version 1.0. The flaw resides in the /prostatus.php file and allows attackers to inject malicious scripts by manipulating the 'message' parameter. The vulnerability is remotely reachable and has been publicly disclosed, so it requires prompt attention to prevent exploitation. A patch is available in version 1.0.1.
Successful exploitation of CVE-2025-1577 allows an attacker to inject arbitrary JavaScript code into the Blood Bank System. This can lead to various malicious outcomes, including session hijacking, defacement of the application, and redirection of users to phishing sites. The attacker could potentially steal sensitive user data, such as login credentials or personal information stored within the application. Given the nature of a blood bank system, this could also impact the integrity of patient data and operational processes. While the CVSS score is LOW, the potential for user compromise and data theft warrants prompt remediation.
This vulnerability was publicly disclosed on 2025-02-23. A public proof-of-concept is likely to emerge given the ease of exploitation associated with XSS vulnerabilities. The CVSS score of 3.5 indicates a LOW probability of exploitation, but the potential impact warrants proactive mitigation. No known active campaigns targeting this specific vulnerability have been reported at this time.
Exploit Status: EPSS 0.12% (31st percentile)
The primary mitigation for CVE-2025-1577 is to upgrade the Blood Bank System to version 1.0.1, which includes the necessary fix. If an immediate upgrade is not feasible, consider implementing input validation and output encoding on the 'message' parameter within /prostatus.php to sanitize user-supplied data. Web application firewalls (WAFs) can be configured to detect and block XSS attempts targeting this specific endpoint. Regularly review and update security policies to prevent similar vulnerabilities in the future.
Update to a patched version or apply a fix to prevent malicious code injection into the 'message' parameter of the '/prostatus.php' file. Escape or validate user input before displaying it on the web page to prevent the execution of unwanted scripts. If a patched version is not available, consider disabling or removing the vulnerable functionality.
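As an added illustration of the "validate on input, encode on output" mitigation described above (this is not the Blood Bank System's own code; it assumes the status page echoes a 'message' query parameter into an HTML text node, which is an assumption about how /prostatus.php behaves), the reflecting pattern is shown beside a hardened version:

```php
<?php
// Added example, not code from the Blood Bank System. It assumes the
// status page reads a 'message' query parameter and prints it into HTML;
// the actual /prostatus.php source is not reproduced here.

// Vulnerable pattern: the raw parameter value is reflected into the page body,
// so any '<', '>' or quote in the input becomes live markup in the victim's browser.
function render_message_unsafe(string $message): string
{
    return '<p class="status">' . $message . '</p>';
}

// Hardened pattern, step 1: validate on input. Returns null when the value is rejected.
function validate_message(string $message): ?string
{
    // Reject invalid UTF-8 and control characters instead of trying to "clean" them.
    if (!mb_check_encoding($message, 'UTF-8')
        || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $message)) {
        return null;
    }
    // A status message has no reason to be empty or very long.
    $message = trim($message);
    if ($message === '' || mb_strlen($message, 'UTF-8') > 200) {
        return null;
    }
    return $message;
}

// Hardened pattern, step 2: encode for the exact output context (HTML text node).
function render_message_safe(string $message): string
{
    // ENT_QUOTES also encodes single quotes in case the value is later reused in an
    // attribute; ENT_SUBSTITUTE avoids silently returning '' on malformed bytes.
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="status">' . $encoded . '</p>';
}

// Defence in depth: a restrictive CSP limits what an injected script could do
// if an encoding step is ever missed elsewhere on the page.
header("Content-Security-Policy: default-src 'self'");
header('X-Content-Type-Options: nosniff');

// Request handling: rejected input gets a generic message and is never echoed back.
$clean = validate_message($_GET['message'] ?? '');
if ($clean === null) {
    http_response_code(400);
    echo render_message_safe('Invalid status message.');
} else {
    echo render_message_safe($clean);
}
```

The same encoding call is not sufficient if the value is written into a JavaScript block, a URL, or an event-handler attribute; each of those contexts needs its own encoder.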
CVE-2025-1577 is a cross-site scripting (XSS) vulnerability in Blood Bank System version 1.0 that allows attackers to inject malicious scripts via the 'message' parameter of the /prostatus.php file.
If you are running Blood Bank System version 1.0, you are potentially affected by this vulnerability. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the 'message' parameter in /prostatus.php.
While no active campaigns have been confirmed, the vulnerability is publicly disclosed and a proof-of-concept is likely to emerge, increasing the risk of exploitation.
Refer to the Blood Bank System's official website or security advisory page for the latest information and updates regarding CVE-2025-1577.