Lucene search
HistorySep 28, 2015 - 2:59 a.m.
CVE-2015-6011
cve-2015-6011
web reference database
refbase
xml injection
id parameter
stylesheet parameter
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.9%
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.
Affected configurations
Node
refbaserefbaseRange≤0.9.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| refbase:refbase | refbase | le | 0.9.6 |
References
Related
cvelist
cvelist
CVE-2015-6011
2015-09-28 01:00:00
nvd
nvd
CVE-2015-6011
2015-09-28 02:59:07
prion
prion
Design/Logic Flaw
2015-09-28 02:59:00
cert
cert
Web Reference Database (refbase) contains multiple vulnerabilities
2015-09-21 00:00:00
openvas
openvas
Web Reference Database Multiple Vulnerabilities
2015-10-05 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.9%
Related for CVE-2015-6011