CVE-2025-63527
Last modified
CVE-2025-63527 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Shridharshukl | Blood Bank Management System | 1.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-63527?
How severe is CVE-2025-63527?
How do I fix CVE-2025-63527?
Are you affected by CVE-2025-63527?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST