eledicss.php in WeBid auction script 0.5.4 allows remote malicious users to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webidsupport webid 0.5.4 |