Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/374092 | Third Party Advisory US Government Resource |
Configurations
Information
Published : 2015-09-27 19:59
Updated : 2015-09-28 17:53
NVD link : CVE-2015-6011
Mitre link : CVE-2015-6011
JSON object : View
CWE
Products Affected
refbase
- refbase