CVE-2023-41575

MEDIUM

Blood Bank & Donor Management v2.2 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-41575. PoCs published by SoundarXploit.

AI-analyzed exploit summary The repository contains only a minimal README with a CVE identifier and a brief description of a Stored XSS vulnerability. No exploit code, technical details, or proof-of-concept is provided.

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.

Exploits (1)

nomisec STUB

by SoundarXploit · poc

https://github.com/SoundarXploit/Stored-xss

View Code ZIP pw:eip

The repository contains only a minimal README with a CVE identifier and a brief description of a Stored XSS vulnerability. No exploit code, technical details, or proof-of-concept is provided.

Classification

Stub 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: unspecified

No auth needed

Prerequisites: none specified

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/soundarkutty/Stored-xss/blob/main/poc

View Writeup ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0043

EPSS Percentile 34.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/blood_bank_\&_donor_management_system 2.2

Published Sep 08, 2023

Tracked Since Feb 18, 2026