Design/Logic Flaw

2015-09-2802:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.9%

JSON

Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.

CPENameOperatorVersion
refbasele0.9.6

CPE	Name	Operator	Version
	refbase	le	0.9.6

References

www.kb.cert.org/vuls/id/374092