Reflected XSS in Code-Projects Blood Bank System 1.0 Login Page (CVE-2024-8174)

Key Information 1. Vulnerability Description: - Product: Code-Projects Blood Bank System 1.0 - Component: Login Page - File: /login.php - Issue: User input values are improperly processed and output to the web page, leading to a Cross-Site Scripting (XSS) vulnerability. 2. Vulnerability Type: - CWE: 79 - Cross-site Scripting (XSS) 3. Impact: - CVSS Meta Temp Score: 4.8 - Current Vulnerability Price: $0-$5k - CTI Interest Score: 1.23 4. Discovery Date: - Discovered On: August 22, 2024 5. Vulnerability Disclosure: - Disclosure Platform: GitHub - Vulnerability ID: CVE-2024-8174 6. Attack Vector: - Remote Attack - No Authentication Required - User Interaction Required 7. Technical Details: - Technical Details Publicly Available - MITRE ATT&CK Technique Used: T1059.007 8. Code Responsibility: - Code Snippet: 9. Public Exploit: - Exploit Code Publicly Available - Exploit Language: PHP - Exploit Code Link: GitHub 10. Vulnerability Status: - Status: Publicly Disclosed - Status: Fixed Summary This vulnerability is a Cross-Site Scripting (XSS) flaw affecting the login page of Code-Projects Blood Bank System 1.0. The vulnerability resides in the file /login.php, where user input values are improperly processed and output to the web page, potentially leading to XSS attacks. The vulnerability has been publicly disclosed, with technical details and exploit code made available.

Goal Reached Thanks to every supporter — we hit 100%!

Reflected XSS in Code-Projects Blood Bank System 1.0 Login Page (CVE-2024-8174)