A problematic cross-site scripting (XSS) vulnerability has been identified in code-projects Blood Bank System, specifically within version 1.0. This flaw resides in the AB+.php file and can be exploited by manipulating the Bloodname argument. Successful exploitation allows remote attackers to inject malicious scripts, potentially compromising user sessions and data integrity. The vulnerability is fixed in version 1.0.1.
The XSS vulnerability in Blood Bank System allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a victim's browser when they visit a page containing the injected script. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The impact is particularly severe if the Blood Bank System handles sensitive patient data, as an attacker could potentially gain access to this information. The remote nature of the vulnerability means it can be exploited from anywhere with network access to the system.
This vulnerability was publicly disclosed on 2025-03-06. A proof-of-concept exploit is likely to be available due to the public disclosure. The CVSS score of 3.5 (LOW) indicates a relatively low probability of exploitation, but the ease of exploitation and potential impact warrant prompt remediation. No KEV listing or confirmed exploitation campaigns are currently known.
Exploit Status: EPSS 0.12% (30th percentile)
The primary mitigation for CVE-2025-2049 is to upgrade to version 1.0.1 of the Blood Bank System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Bloodname parameter in AB+.php to sanitize user-supplied data. While not a complete solution, this can reduce the risk of successful exploitation. Additionally, consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly review and update security policies and conduct penetration testing to identify and address potential vulnerabilities.
Update to a patched version or apply necessary security measures to prevent the execution of XSS code. Validate and sanitize user inputs, especially the Bloodname parameter in the AB+.php file. Implement a content security policy (CSP) to mitigate XSS risks.
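As an added illustration of the mitigation described above, and not code from Blood Bank System or from the 1.0.1 fix, the following PHP shows the three layers together: allow-list validation of the Bloodname value, HTML output encoding, and a CSP header. It assumes the parameter is read from the query string and echoed into an HTML heading, which is the typical shape of such a flaw but is not confirmed by this page; the function names and the accepted blood-group list are assumptions.

```php
<?php
// Added example, not the Blood Bank System source: hardened handling of a
// request parameter such as Bloodname before it is echoed into an HTML page.
declare(strict_types=1);

// Vulnerable pattern (shown for contrast only): the parameter reaches the HTML
// body unencoded, so any markup it contains is interpreted by the browser.
//   echo "<h2>Donors for " . $_GET['Bloodname'] . "</h2>";

// 1. Input validation: a blood group is one of a small, known set, so reject
//    anything else rather than trying to "clean" it. The allow-list below is an
//    assumption; the application's real accepted values are not on the page.
const BLOOD_GROUPS = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];

function validateBloodGroup(?string $value): ?string
{
    if ($value === null) {
        return null;
    }
    $value = trim($value);
    return in_array($value, BLOOD_GROUPS, true) ? $value : null;
}

// 2. Output encoding: everything echoed into an HTML text or attribute context
//    is encoded for that context, so the browser renders it as text, not markup.
function htmlEncode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderBloodNameHeading(?string $rawParam): string
{
    $group = validateBloodGroup($rawParam);
    if ($group === null) {
        // Unknown value: do not reflect it at all; show a fixed message instead.
        return '<h2>Unknown blood group</h2>';
    }
    return '<h2>Donors for ' . htmlEncode($group) . '</h2>';
}

// 3. Defence in depth: a Content Security Policy that forbids inline scripts
//    limits what an injected script could do if encoding were ever missed.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

echo renderBloodNameHeading($_GET['Bloodname'] ?? null), "\n";
```

Encoding alone would also stop the injection; the allow-list is added because a blood group is a closed set, so the page never needs to reflect free-form text.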
CVE-2025-2049 is a cross-site scripting (XSS) vulnerability in Blood Bank System version 1.0, allowing attackers to inject malicious scripts via the Bloodname parameter in AB+.php.
You are affected if you are using Blood Bank System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the Bloodname parameter.
While no confirmed exploitation campaigns are currently known, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-2049.