AI description
CVE-2025-1577 is a cross-site scripting (XSS) vulnerability found in the code-projects Blood Bank System, version 1.0. The vulnerability exists in the `/prostatus.php` file and is due to improper neutralization of user input in the `message` argument. This allows attackers to inject malicious scripts that can be executed in the browsers of other users visiting the affected page. The vulnerability can be exploited remotely. This vulnerability has been assigned the Common Weakness Enumeration (CWE) identifier CWE-79, which refers to improper neutralization of input during web page generation. Exploit code is publicly available, increasing the risk of this vulnerability being exploited in the wild. As of today, February 24, 2025, this information is current, but the situation may change as new details emerge.
- Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- Source: cna@vuldb.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 5.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 5.4
- Impact score: 2.7
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
CVSS 2.0
- Type: Secondary
- Base score: 4
- Impact score: 2.9
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N
- Hype score: Not currently trending
CVE-2025-1577 Cross-Site Scripting in Blood Bank System 1.0 via /prostatus.php Argument https://t.co/cCHXhnh6VP
@VulmonFeeds
23 Feb 2025
CVE-2025-1577 A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the… https://t.co/Nbsmm96QTZ
@CVEnew
23 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB3CB4C2-E5C6-4136-B3A8-418484B48FD2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]