Platform: php
Component: xss1
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability, tracked as CVE-2025-1967, has been identified in code-projects Blood Bank Management System version 1.0. It allows an attacker to inject script into pages served by the application, compromising user data and session integrity. The issue resides in the /user_dashboard/donor.php file, where the 'name' argument is written into the response without proper output encoding. A patch is available in version 1.0.1.
Successful exploitation of CVE-2025-1967 lets an attacker execute arbitrary JavaScript in the context of a victim's browser session with the application. That script can read page content and submit requests as the victim, which enables session hijacking, credential theft and defacement of the application's user interface. Depending on the victim's privileges, the attacker could obtain sensitive information such as donor details or perform administrative actions. Any user who loads the vulnerable /user_dashboard/donor.php endpoint with attacker-controlled input is exposed.
This vulnerability has been publicly disclosed, which increases the risk of exploitation. No active campaigns targeting this CVE had been reported as of the publication date. The CVSS score of 3.5 (LOW) rates severity, not likelihood: it reflects the limited impact of a single XSS, while the probability of exploitation is better read from the EPSS figure below. The public disclosure still warrants prompt remediation. The CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Exploit Status
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2025-1967 is to upgrade to version 1.0.1 of the Blood Bank Management System. If upgrading is not immediately feasible, apply context-appropriate output encoding (for example htmlspecialchars with ENT_QUOTES and UTF-8) at every point where the 'name' value is written into HTML in /user_dashboard/donor.php, and validate the value on entry. A web application firewall (WAF) with XSS rules adds a layer of defence but can be bypassed and does not replace the code fix. A Content-Security-Policy that disallows inline script and an HttpOnly flag on the session cookie limit the damage if an encoding is missed. Regularly review security controls and test the application to find similar issues before attackers do.
Update the Blood Bank Management System to the patched version that resolves the XSS vulnerability. If you cannot upgrade immediately, review every place donor.php reads the 'name' argument and escape the value when it is rendered into the page rather than relying on input filtering alone, since filters are easy to bypass and the browser interprets whatever reaches the HTML.
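The vulnerable and hardened patterns side by side, as an added illustration that is not the Blood Bank Management System's own donor.php: the endpoint and the 'name' parameter come from the advisory above, while the function names, the 100-character limit, the headers and the probe value are assumptions made for the example.

```php
<?php
// Added illustration for the CVE-2025-1967 class of bug (XSS through the
// 'name' argument of /user_dashboard/donor.php). This is NOT the Blood Bank
// Management System's own code: the endpoint and parameter name come from the
// advisory, everything else (function names, length limit, headers) is assumed.
declare(strict_types=1);

// Vulnerable pattern: the request value is interpolated straight into HTML,
// so a value such as "><script>...</script> becomes markup in the victim's browser.
function render_donor_vulnerable(array $request): string
{
    $name = $request['name'] ?? '';
    return "<h2>Donor: {$name}</h2>";
}

// Hardened pattern: reject malformed input on entry, then encode the value
// for the HTML context at the point of output. Output encoding is the actual
// fix; the input check is defence in depth and an assumed policy.
function render_donor_hardened(array $request): string
{
    $name = $request['name'] ?? '';
    if (!is_string($name) || strlen($name) > 100
        || preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        return '<h2>Donor: (invalid name)</h2>';
    }
    // ENT_QUOTES also encodes single quotes (attribute contexts);
    // ENT_SUBSTITUTE keeps invalid UTF-8 from silently disabling the encoding.
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h2>Donor: {$safe}</h2>";
}

// Impact limiters for the whole dashboard (assumed policy): HttpOnly session
// cookies keep an injected script from reading the session ID, and a CSP with
// no 'unsafe-inline' blocks inline payloads if an encoding is ever missed.
function harden_session_and_headers(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
    header('X-Content-Type-Options: nosniff');
}

// Self-check from the command line with a constructed probe value
// (a marker payload for the example, not an exploit from the advisory).
if (PHP_SAPI === 'cli') {
    $probe = ['name' => '"><script>alert(document.cookie)</script>'];
    $outputs = [
        'vulnerable' => render_donor_vulnerable($probe),
        'hardened'   => render_donor_hardened($probe),
    ];
    foreach ($outputs as $label => $html) {
        $raw = strpos($html, '<script>') !== false ? 'yes' : 'no';
        echo "{$label}: raw <script> tag in output = {$raw}\n    {$html}\n";
    }
} else {
    harden_session_and_headers();
    echo render_donor_hardened($_GET);
}
```

Run it with `php donor_example.php` to see the probe survive in the vulnerable output and come back as `&quot;&gt;&lt;script&gt;...` in the hardened one. The encoding shown is correct only for the HTML body and quoted attributes; a value placed inside a JavaScript block, a URL or a CSS rule needs the encoder for that context, so check each place donor.php writes the value, not just the first one.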
CVE-2025-1967 is a cross-site scripting (XSS) vulnerability in Blood Bank Management System version 1.0 that allows attackers to inject script through the 'name' argument of the /user_dashboard/donor.php file.
You are affected if you are running Blood Bank Management System version 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1. If upgrading is not possible, validate the 'name' parameter on input and encode it for the HTML context wherever /user_dashboard/donor.php writes it into the page.
While no active campaigns have been confirmed, the vulnerability is publicly disclosed, increasing the risk of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-1967.