CVE-2015-6010

CVE-2015-6010 affects Web Reference Database (refbase) versions 0.9.6 and earlier/bleeding-edge before 2015-01-08, with multiple vulnerabilities enabling remote XSS via numerous parameters (e.g., error.php: errorNo/errorMsg; duplicate_manager.php: viewType; query_manager.php: queryAction, display...

CVE-2015-6011

CVE-2015-6011 affects the Web Reference Database (refbase) prior to 0.9.6 (and bleeding-edge builds before 2015-01-08). The vulnerability is an XML injection via the unapi.php id parameter or the sru.php stylesheet parameter. Technical detail across connected sources confirms this is an XML injec...

CVE-2015-6012

CVE-2015-6012 concerns Web Reference Database (refbase) open redirect via the referrer parameter. Connected sources confirm multiple open redirect vulnerabilities affecting refbase versions 0.9.6 and earlier, with exploitation enabling phishing by redirecting users to arbitrary sites. The core de...

CVE-2015-7381

Web Reference Database (refbase)

CVE-2015-7382

The connected documents confirm a SQL injection vulnerability in Web Reference Database (refbase) through version 0.9.6, exploitable via the defaultCharacterSet parameter in install.php, enabling remote execution of arbitrary SQL commands. This CVE is distinct from CVE-2015-6009 and is listed amo...