CVE-2025-63528 HIGH

Vendor N/A
Product n/a
Published December 1, 2025
Last update December 1, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the error parameter, which are then executed in the victim's browser when the page is viewed.

Key dates

02 Disclosure timeline

December 1, 2025 CVE published
December 1, 2025 Record updated