What is CVE-2025-2049 — XSS in Blood Bank System 1.0?

CVE-2025-2049 is a cross-site scripting (XSS) vulnerability in Blood Bank System version 1.0, allowing attackers to inject malicious scripts via the Bloodname parameter in AB+.php.

Am I affected by CVE-2025-2049 in Blood Bank System 1.0?

You are affected if you are using Blood Bank System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.

How do I fix CVE-2025-2049 in Blood Bank System 1.0?

Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the Bloodname parameter.

Is CVE-2025-2049 being actively exploited?

While no confirmed exploitation campaigns are currently known, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.

Where can I find the official Blood Bank System advisory for CVE-2025-2049?

Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-2049.

CVE-2025-2049 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-2049 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• php / server:

grep -r "Bloodname = $_GET['Bloodname']" /var/www/html/

• generic web:

curl -I http://your-blood-bank-system/AB+.php?Bloodname=<script>alert('XSS')</script>

code-projects Blood Bank System AB+.php cross site scripting

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-2049 — XSS in Blood Bank System 1.0?

Am I affected by CVE-2025-2049 in Blood Bank System 1.0?

How do I fix CVE-2025-2049 in Blood Bank System 1.0?

Is CVE-2025-2049 being actively exploited?

Where can I find the official Blood Bank System advisory for CVE-2025-2049?

Seu projeto está afetado?