
23 matches found

OSV
added 2025/12/01 4:15 p.m. · 3 views

CVE-2025-63533

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 5.4 · AI score 5.7 · EPSS 0.00025
Exploits: 0 · References: 3

Positive Technologies
added 2025/12/01 12:0 a.m. · 3 views

PT-2025-48457

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 8.5 · AI score 5.8 · EPSS 0.00027
Exploits: 1 · References: 4

CVE
added 2025/12/01 12:0 a.m. · 3 views

CVE-2025-63527

CVE-2025-63527 affects Blood Bank Management System 1.0. The XSS flaw exists in updateprofile.php and hprofile.php where user input is not properly sanitized/encoded, allowing injection of JavaScript via hname, hemail, hpassword, hphone, and hcity parameters. This input is rendered in the respons...

CVSS 8.5 · AI score 5.5 · EPSS 0.00027
Exploits: 1 · References: 3 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-6329

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.02389
Exploits: 1 · References: 2

RedhatCVE
added 2025/09/02 1:29 p.m. · 4 views

CVE-2025-9730

A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument userid results in SQL injection. It is possible to launch the attack remotely. The exploit has been made...

CVSS 9.8 · AI score 7.3 · EPSS 0.00066
Exploits: 1 · References: 1

CNVD
added 2025/09/02 12:0 a.m. · 1 views

Apartment Management System updateProfile.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter userid in the file /ajax/updateProfile.php. An attacker can exploit...

CVSS 9.8 · AI score 8.3 · EPSS 0.00066
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:18 a.m. · 1 views

CVE-2024-10557

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely...

CVSS 6.9 · AI score 6 · EPSS 0.00263
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 9:45 p.m. · 2 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

CVSS 9.8 · AI score 6.9 · EPSS 0.00162
Exploits: 0 · References: 1

CNNVD
added 2024/10/31 12:0 a.m. · 1 views

Code-Projects Blood Bank Management System Cross-Site Request Forgery Vulnerability

Code-Projects Blood Bank Management System is a Code-Projects open source blood bank management system. A cross-site request forgery vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which originates from a cross-site request forgery vulnerability contained in the fi...

CVSS 6.9 · AI score 5 · EPSS 0.00263
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/30 12:0 a.m. · 2 views

PT-2024-16366 · Code Projects · Blood Bank Management System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0
Description: A vulnerability has been found in the Blood Bank Management System, affecting an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-si...

CVSS 6.9 · AI score 5.1 · EPSS 0.00263
Exploits: 1 · References: 13

OSV
added 2024/10/28 1:15 p.m. · 0 views

CVE-2024-10447

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to SQL injection. The attack...

CVSS 8.8 · AI score 6.5
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/28 12:0 a.m. · 1 views

PT-2024-16288 · Unknown · Project Worlds Online Time Table Generator

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Time Table Generator version 1.0
Description: A critical vulnerability was found in the Project Worlds Online Time Table Generator. The issue affects an unknown functionality of the file...

CVSS 8.8 · AI score 7.2 · EPSS 0.00104
Exploits: 1 · References: 8

Positive Technologies
added 2024/10/25 12:0 a.m. · 1 views

PT-2024-11553 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier
Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue.
Recommendation...

CVSS 9.8 · AI score 6.5 · EPSS 0.00162
Exploits: 0 · References: 3

CNNVD
added 2024/10/25 12:0 a.m. · 1 views

OvalEdge Security Vulnerability

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the slacki...

CVSS 6.4 · AI score 6.4 · EPSS 0.00161
Exploits: 1 · References: 1

CVE
added 2024/10/25 12:0 a.m. · 39 views

CVE-2022-30360

CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...

CVSS 6.4 · AI score 6.2 · EPSS 0.00161
Exploits: 1 · References: 1 · Affected Software: 1

Exploit DB
added 2024/04/02 12:0 a.m. · 228 views

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)
Date: 2023-11-14
Exploit Author: Ersin Erenler
Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip
Version: 1.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00127
Exploits: 4

ATTACKERKB
added 2023/11/13 11:15 p.m. · 1 views

CVE-2023-46020

Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters...

CVSS 6.1 · AI score 6 · EPSS 0.00127
Exploits: 4 · References: 2

CNNVD
added 2023/11/13 12:0 a.m. · 2 views

Code-Projects Blood Bank Cross-Site Scripting Vulnerability

Code-Projects Blood Bank is a blood bank system from the Code-Projects project. A security vulnerability exists in Code-Projects Blood Bank version 1.0, which stems from a stored cross-site scripting (XSS) vulnerability in the rename and other parameters of the file updateprofile.php...

CVSS 6.1 · AI score 5.7 · EPSS 0.00127
Exploits: 4 · References: 3

Ivanti
added 2023/11/09 4:55 p.m. · 9 views

CVE-2023-39335 - Certificate creation authentication bypass in UPDATEPROFILE handler

Last Modified Date: Dec 11, 2025 1:35:01 PM...

CVSS 9.8 · AI score 7.3 · EPSS 0.01615
Exploits: 0

Prion
added 2017/09/28 1:29 a.m. · 9 views

Design/Logic Flaw

TeamWork TicketPlus allows Arbitrary File Upload in updateProfile...

CVSS 6.5 · AI score 8.6 · EPSS 0.02389
Exploits: 1 · References: 1