CVE-2025-2049 MEDIUM

CVE-2025-2049: code-projects Blood Bank System AB+.php cross site scripting

Vendor Code-Projects

Product Blood Bank System

Weakness CWE-79 · XSS

Published March 6, 2025

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 6, 2025 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2049 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-33933 WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability CVE-2025-66090 WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability CVE-2022-40968 WordPress 2kb Amazon Affiliates Store Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget CVE-2024-9007 jeanmarc77 123solar detailed.php cross site scripting