Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget prior to 1.1 allows remote National Rail Enquiries servers or man-in-the-middle malicious users to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
national rail enquiries national rail enquiries live departure boards |