CVE-2025-63526

Published: Dec 1, 2025Modified: Dec 2, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed.

Affected (1)

Products: Shridharshukl: Blood Bank Management System

1 product

Blood Bank Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shridharshukl Blood Bank Management System	Version 1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Shridharshukl/Blood-Bank-Management-System

Source: cve@mitre.org

Product

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63526.md

Source: cve@mitre.org

Exploit

Timeline

No history available yet.