Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://www.kb.cert.org/vuls/id/374092 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2015-09-28T01:00:00
Updated: 2024-08-06T07:06:35.103Z
Reserved: 2015-08-14T00:00:00
Link: CVE-2015-6010
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-09-28T02:59:06.467
Modified: 2024-11-21T02:34:17.427
Link: CVE-2015-6010
Redhat
No data.