CVE-2023-44484 MEDIUM

CVE-2023-44484: Online Blood Donation Management System v1.0 - Stored Cross-Site Scripting (XSS)

Vendor Projectworlds Pvt. Limited
Product Online Blood Donation Management System
Weakness CWE-79 · XSS
Published October 31, 2023
Last update September 6, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.

Key dates

02Disclosure timeline

October 31, 2023 CVE published
September 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-26123 CVE-2024-13501 WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-47184 Ampache vulnerable to Stored XSS via Democratic Playlist Name CVE-2024-5946 Squelch Tabs and Accordions Shortcodes <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode CVE-2025-0595 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x