4 matches found
CVE-2025-63533
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
CVE-2025-45754
A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...
CVE-2020-25761
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc...
CVE-2025-45754
SeedDMS 6.0.32 is affected by a stored XSS vulnerability: an attacker can inject JavaScript by using an XSS payload as a document name. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N with a base score of 5.4 (Medium). Exploitation details beyond creating a document name are ...