Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2008-04-29 17:10
Updated : 2017-08-07 18:30
NVD link : CVE-2008-2011
Mitre link : CVE-2008-2011
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
national_rail_enquiries
- national_rail_enquiries_live_departure_boards