CVE-2025-63526 HIGH


Vendor N/A
Product n/a
Published December 1, 2025
Last update December 1, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01 Description

A cross-site scripting (XSS) vulnerability exists in the abs.php component of the Blood Bank Management System. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg parameter, which are then executed in the victim's browser when the page is viewed.

Key dates

02 Disclosure timeline

December 1, 2025 CVE published
December 1, 2025 Record updated