- Description
- A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the victim's browser when the page is viewed.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- blood_bank_management_system
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
[CVE-2025-63533: HIGH] Alert: Critical XSS vulnerability in Blood Bank Management System 1.0! Attackers can inject malicious code through user inputs, risking browser compromise. Secure your system now.#cve,CVE-2025-63533,#cybersecurity https://t.co/RonZZhotV1 https://t.co/HfmGIL
@CveFindCom
1 Dec 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-63533 A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fa… https://t.co/6xrGzBQjcj
@CVEnew
1 Dec 2025
159 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shridharshukl:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B391DFD-8072-4642-9A31-9E4DE8648367",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]