CVE-2026-5240 PUBLISHED

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

• AhmadMarzouk (VulDB User) reporter

• VDB-354390 | code-projects BloodBank Managing System admin_state.php cross site scripting
• VDB-354390 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #780525 | code-projects Blood Bank Managing System PHP 1.0 Cross Site Scripting
• https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Blood%20Bank%20Managing%20System%20PHP%20statename%20Parameter.md
• https://code-projects.org/

• Cross Site Scripting CWE
• Code Injection CWE