Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allows remote malicious users to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
refbase refbase |