CVE 8.5 HIGH

CVE-2025-63527_CVE-2025-63527

December 1, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

Description

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.

AI Analysis

Cross-site scripting (XSS) vulnerability in Blood Bank Management System 1.0

Basic Information

ID CVE-2025-63527

Source mitre

Published Dec 1, 2025 at 00:00

Modified Dec 1, 2025 at 20:02

Affected Product

Vendor Shridharshukl

Product Blood Bank Management System

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Shridharshukl

Product Blood Bank Management System

Version 1.0

References

{
    "lastseen": "",
    "description": "A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.",
    "published": "2025-12-01T00:00:00.000Z",
    "modified": "2025-12-01T20:02:07.793Z",
    "type": "cve",
    "title": "CVE-2025-63527",
    "source": "mitre",
    "references": "https://github.com/Shridharshukl/Blood-Bank-Management-System\nhttps://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing\nhttps://github.com/kiwi865/CVEs/blob/main/CVE-2025-63527.md",
    "id": "CVE-2025-63527",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Blood Bank Management System",
    "version": "1.0",
    "vendor": "Shridharshukl",
    "ai_description": "Cross-site scripting (XSS) vulnerability in Blood Bank Management System 1.0",
    "ai_severity": "High",
    "ai_vendor": "Shridharshukl",
    "ai_product": "Blood Bank Management System",
    "ai_version": "1.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply