A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the victim's browser when the page is viewed.
Blood-Bank-Management-System https://github.com/Shridharshukl/Blood-Bank-Management-System
Login to the application and navigate to rprofile.php. Trigger an update to the profile.
Observed that the scripts were executed.
http://localhost:8080/hprofile.php?msg=Your%20profile%20is%20updated%20successfully.
