Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge through 2015-04-28 allow remote malicious users to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
refbase refbase |