A problematic cross-site scripting (XSS) vulnerability has been identified in Blood Bank System versions 1.0 through 1.0. This flaw resides in the processing of the /admin/user.php file, specifically through manipulation of the 'email' argument. Successful exploitation allows for remote code execution, potentially compromising sensitive data and system integrity. The vulnerability has been publicly disclosed and a fix is available in version 1.0.1.
The XSS vulnerability in Blood Bank System allows an attacker to inject malicious scripts into web pages viewed by other users, particularly administrators accessing the /admin/user.php page. This can lead to session hijacking, defacement of the application, or redirection to malicious websites. An attacker could potentially steal administrator credentials, gain unauthorized access to the blood bank system's data, and manipulate patient records. The impact is amplified if the system is used in a shared hosting environment, as other applications on the same server could be at risk. While the CVSS score is LOW, the potential for data compromise and administrative control makes this a significant concern.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. No known exploitation campaigns have been reported at the time of writing, but the availability of a public disclosure makes it a potential target. The CVSS score of 2.4 indicates a low probability of exploitation, but proactive mitigation is still recommended. No KEV listing is present.
Exploit Status
EPSS: 0.02% (6th percentile)
The primary mitigation for CVE-2025-1579 is to immediately upgrade Blood Bank System to version 1.0.1 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious characters in the 'email' parameter of the /admin/user.php endpoint. Server-side input validation, specifically validating the 'email' parameter and encoding it on output, can also help prevent XSS attacks. Monitor access logs for unusual activity related to the /admin/user.php endpoint, looking for requests with unexpected characters or patterns in the 'email' parameter.
Update to a patched version of the Blood Bank System. If no version is available, review and sanitize the inputs of the 'email' parameter in the /admin/user.php file to prevent XSS code execution. Consider temporarily disabling the affected functionality until a fix can be applied.
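The following is an added, hypothetical illustration of the server-side handling recommended above; it is not the Blood Bank System's own code, and the function names and sample input are constructed for this example. It places a reflecting pattern beside a hardened one that validates the 'email' value and encodes it for the HTML attribute context:

```php
<?php
// Added, hypothetical handling of an 'email' parameter on an admin
// user-management page. This is NOT the Blood Bank System's own code.

declare(strict_types=1);

// Reflecting pattern: the request parameter is written into HTML unencoded,
// so any markup supplied in 'email' reaches the administrator's browser as-is.
function renderEmailVulnerable(array $request): string
{
    $email = $request['email'] ?? '';
    return '<input name="email" value="' . $email . '">';
}

// Hardened pattern: validate server-side and encode for the attribute context
// on output. Reject anything that is not a syntactically valid address rather
// than trying to strip "bad" characters out of it.
function validateEmail(string $email): ?string
{
    $email = trim($email);
    if (strlen($email) > 254) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function renderEmailHardened(array $request): string
{
    $raw   = $request['email'] ?? '';
    $email = is_string($raw) ? validateEmail($raw) : null;
    if ($email === null) {
        // Treat an invalid address as an input error; do not echo it back.
        return '<input name="email" value=""><p class="error">Invalid email address.</p>';
    }
    // ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input name="email" value="' . $safe . '">';
}

// Constructed sample input: markup where an address is expected.
$sample = ['email' => '<b>not an address</b>'];
echo renderEmailVulnerable($sample), "\n";  // markup reaches the page unchanged
echo renderEmailHardened($sample), "\n";    // rejected by validation, nothing reflected
echo renderEmailHardened(['email' => 'admin@example.org']), "\n";
```

The same two steps apply wherever the stored email is later displayed, since XSS on an admin page is typically stored rather than reflected; encode at every output point, not only on the form that accepts the value.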
CVE-2025-1579 is a cross-site scripting (XSS) vulnerability affecting Blood Bank System versions 1.0–1.0, allowing attackers to inject malicious scripts via the /admin/user.php file.
Yes, if you are running Blood Bank System version 1.0 or 1.0, you are affected by this vulnerability. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade Blood Bank System to version 1.0.1 or later. As a temporary workaround, implement a WAF rule to filter suspicious characters in the 'email' parameter.
While no active exploitation campaigns have been confirmed, the public disclosure of this vulnerability increases the risk of exploitation. Proactive mitigation is recommended.
Please refer to the Blood Bank System project's official website or repository for the advisory related to CVE-2025-1579.