CVE-2023-46020

Summary

CVE-2023-46020 is a Cross-Site Scripting (XSS) vulnerability affecting the updateprofile.php script in the Code-Projects Blood Bank 1.0 software. Attackers can exploit this issue by injecting malicious code into the 'rename', 'remail', 'rphone', and 'rcity' parameters, allowing them to execute arbitrary scripts in the users' browsers who visit a specially crafted page. This can lead to stolen sessions, sensitive data exposure, or even full account takeover. Users are advised to update to the latest version of the Blood Bank software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.