CVE-2025-63526

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
mitreCNA
8.5 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
shridharshuklblood_bank_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
https://github.com/Shridharshukl/Blood-Bank-Management-System
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63526.md