CVE-2024-9084
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-9084 is a vulnerability found in the Blood Bank System version 1.0, specifically affecting the file bbms.php, which is susceptible to cross-site scripting (XSS) due to improper handling of input parameters such as fullname, age, blood group, city, phone number, and gender. The vulnerability can be exploited remotely with low complexity and requires user interaction. It poses a potential risk to organizations by allowing attackers to manipulate web content and possibly execute malicious scripts in the context of other users' sessions. To remediate this issue, it is crucial to sanitize and validate all user inputs before processing them within the application. This vulnerability has been publicly disclosed and categorized with a low severity score of 3.5 on the CVSS scale.
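One way to apply the remediation described above, as an added example that is not code from Blood Bank System or bbms.php: allow-list validation of the six listed fields, plus HTML encoding whenever a value is written back into a page. The request keys (`bloodgroup`, `phone`), the allowed values, and the length and age limits are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-lists and limits: adjust to what the real form offers.
// Field keys follow the advisory's list; 'bloodgroup' and 'phone' are assumed names.
const BLOOD_GROUPS = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];
const GENDERS = ['male', 'female', 'other'];

/** Validate the donor fields named in the advisory. Returns [clean, errors]. */
function validate_donor(array $in): array
{
    $rules = [
        'fullname'   => fn(string $v) => preg_match('/^[\p{L}][\p{L} .\'-]{1,79}$/u', $v) === 1,
        'age'        => fn(string $v) => ctype_digit($v) && (int)$v >= 18 && (int)$v <= 65,
        'bloodgroup' => fn(string $v) => in_array($v, BLOOD_GROUPS, true),
        'city'       => fn(string $v) => preg_match('/^[\p{L}][\p{L} .\'-]{1,59}$/u', $v) === 1,
        'phone'      => fn(string $v) => preg_match('/^\+?[0-9]{7,15}$/', $v) === 1,
        'gender'     => fn(string $v) => in_array($v, GENDERS, true),
    ];
    $clean = $errors = [];
    foreach ($rules as $field => $ok) {
        $value = $in[$field] ?? '';
        $value = is_string($value) ? trim($value) : ''; // arrays etc. are rejected
        if ($ok($value)) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field; // report the field name only, never echo the raw value
        }
    }
    return [$clean, $errors];
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: markup in fullname, valid values elsewhere.
$sample = ['fullname' => '<script>alert(1)</script>', 'age' => '30', 'bloodgroup' => 'O+',
           'city' => 'Pune', 'phone' => '+911234567890', 'gender' => 'female'];
[$clean, $errors] = validate_donor($sample);
echo 'rejected fields: ', h(implode(', ', $errors)), PHP_EOL;
echo '<td>', h("O'Brien"), '</td>', PHP_EOL; // a valid name still needs encoding on output
```

Validation narrows what is stored, but the encoding step at output is what keeps a stored value from being interpreted as markup, so `h()` applies to every echoed field, including ones that passed validation.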