CVE-2026-5240

MEDIUM

code-projects BloodBank Managing System admin_state.php cross site scripting

Title source: cna

Description

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/354390

[Signature, Permissions Required] https://vuldb.com/vuln/354390/cti

[Third Party Advisory] https://vuldb.com/submit/780525

[Exploit] https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Blood%20Bank%20Managing%20System%20PHP%20statename%20Parameter.md

View Exploit ZIP pw:eip

[Product] https://code-projects.org/

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

code-projects/BloodBank Managing System 1.0

Published Apr 01, 2026

Tracked Since Apr 01, 2026