CVE-2023-46015

MEDIUM

Code-Projects Blood Bank 1.0 - Cross-Site Scripting via 'msg' Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46015. PoCs published by ersinerenler.

AI-analyzed exploit summary The repository provides a functional Proof of Concept (PoC) for CVE-2023-46015, demonstrating a Reflected Cross-Site Scripting (XSS) vulnerability in Code-Projects Blood Bank V1.0 via the 'msg' parameter in index.php. The PoC includes a payload and a crafted URL to trigger the XSS.

Description

Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL.

Exploits (1)

nomisec WORKING POC

by ersinerenler · poc

https://github.com/ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability

View Code ZIP pw:eip

The repository provides a functional Proof of Concept (PoC) for CVE-2023-46015, demonstrating a Reflected Cross-Site Scripting (XSS) vulnerability in Code-Projects Blood Bank V1.0 via the 'msg' parameter in index.php. The PoC includes a payload and a crafted URL to trigger the XSS.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Code-Projects Blood Bank V1.0

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability

Scores

CVSS v3 6.1

EPSS 0.0047

EPSS Percentile 37.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

code-projects/blood_bank 1.0

Published Nov 13, 2023

Tracked Since Feb 18, 2026