CVE 8.5 HIGH

CVE-2025-63533_CVE-2025-63533

December 1, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

Description

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the victim's browser when the page is viewed.

AI Analysis

Cross-site scripting (XSS) vulnerability in Blood Bank Management System 1.0 due to insufficient input sanitization

Basic Information

ID CVE-2025-63533

Source mitre

Published Dec 1, 2025 at 00:00

Modified Dec 1, 2025 at 18:21

Affected Product

Vendor Shridharshukl

Product Blood Bank Management System

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Shridharshukl

Product Blood Bank Management System

Version 1.0

References

{
    "lastseen": "",
    "description": "A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the victim's browser when the page is viewed.",
    "published": "2025-12-01T00:00:00.000Z",
    "modified": "2025-12-01T18:21:23.839Z",
    "type": "cve",
    "title": "CVE-2025-63533",
    "source": "mitre",
    "references": "https://github.com/Shridharshukl/Blood-Bank-Management-System\nhttps://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing\nhttps://github.com/kiwi865/CVEs/blob/main/CVE-2025-63533.md",
    "id": "CVE-2025-63533",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Blood Bank Management System",
    "version": "1.0",
    "vendor": "Shridharshukl",
    "ai_description": "Cross-site scripting (XSS) vulnerability in Blood Bank Management System 1.0 due to insufficient input sanitization",
    "ai_severity": "High",
    "ai_vendor": "Shridharshukl",
    "ai_product": "Blood Bank Management System",
    "ai_version": "1.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply