  • Hex Coder

CVE-2022-40470 Cross Site Scripting in Blood Donor Management System Using CodeIgniter - 1.0



Exploit Title: Cross Site Scripting in Blood Donor Management Using CodeIgniter - 1.0

Date: 9 Sep 2022

Exploit Author: RashidKhan Pathan

Version: v1.0

Tested on: Windows 10, Kali Linux

CVE : CVE-2022-40470


Description:

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via the Add Blood Group Name feature.


Steps to Reproduce:

To exploit the vulnerability, an attacker needs to log in as Admin, inject arbitrary code in the Add Blood Group Name field, and click Submit. When the attacker then goes to Manage Blood Group, the payload executes.


Proof Of Concept:

https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing
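
The flow described in Steps to Reproduce (a value saved through Add Blood Group Name and later rendered in Manage Blood Group) is closed by validating the name on input and encoding it on output. The following is an added example, not code from the Blood Donor Management System; the function names, the allow-list rule and the sample rows are assumptions made for illustration.

```php
<?php
// Added illustration; not the application's own code.
// Function names and sample data below are hypothetical.

// Input side: allow-list check for the Add Blood Group Name field.
// Assumed rule: only ABO/Rh labels such as "A+" or "AB-" are accepted.
function is_valid_blood_group(string $name): bool
{
    return preg_match('/\A(?:A|B|AB|O)[+-]\z/', $name) === 1;
}

// Before: the stored value is concatenated into the page as-is,
// so any markup saved earlier is parsed by the browser.
function render_row_unescaped(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

// After: encode for the HTML context at output time, so the
// stored value is displayed as text even if validation was bypassed.
function render_row_escaped(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Constructed sample rows standing in for values read back from storage.
$rows = ['AB+', 'O-', '<b>O-</b>'];

foreach ($rows as $name) {
    printf("%-12s valid=%s\n", $name, is_valid_blood_group($name) ? 'yes' : 'no');
    echo '  before: ', render_row_unescaped($name), "\n";
    echo '  after:  ', render_row_escaped($name), "\n";
}
```

For the third row the "before" output contains live markup, while the "after" output contains `&lt;b&gt;O-&lt;/b&gt;` and is shown as plain text.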

