CVE-2025-1586

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 23, 2025

Updated: Feb 28, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-1586 is a newly identified vulnerability affecting the Blood Bank System 1.0 of code-projects. This issue, located in the file /Blood/A-.php, allows for cross-site scripting (XSS) attacks. By manipulating the argument "Bloodname," an attacker can inject malicious scripts, potentially gaining unauthorized access to user sessions. This vulnerability can be exploited remotely, making it a significant security risk. The exploit for this issue has been made public, increasing the threat level.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3nQUMH
https://www.cve.org/CVERecord?id=CVE-2025-1586
https://nvd.nist.gov/vuln/detail/CVE-2025-1586

Back to Vulnerability Database

CVE-2025-1586

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations