Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2015-09-28T01:00:00

Updated: 2024-08-06T07:06:35.103Z

Reserved: 2015-08-14T00:00:00

Link: CVE-2015-6010

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-09-28T02:59:06.467

Modified: 2024-11-21T02:34:17.427

Link: CVE-2015-6010

cve-icon Redhat

No data.