CVE-2025-63527

Published: Dec 1, 2025Modified: Dec 2, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.

Affected (1)

Products: Shridharshukl: Blood Bank Management System

1 product

Blood Bank Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shridharshukl Blood Bank Management System	Version 1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Shridharshukl/Blood-Bank-Management-System

Source: cve@mitre.org

Product

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63527.md

Source: cve@mitre.org

Exploit

Timeline

No history available yet.