- Description: Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.
- Source: cve@mitre.org
- NVD status: Modified
CVSS 2.0
- Type: Primary
- Base score: 4.3
- Impact score: 2.9
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:refbase:refbase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D7A0B79-57C0-4644-933D-0740C6454F0D",
            "versionEndIncluding": "0.9.0"
          },
          {
            "criteria": "cpe:2.3:a:refbase:refbase:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14F4E236-C640-41F1-BF57-63E39F875E81"
          },
          {
            "criteria": "cpe:2.3:a:refbase:refbase:0.6.1:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58F0B9FF-D94F-4A3B-85C2-775609462A21"
          },
          {
            "criteria": "cpe:2.3:a:refbase:refbase:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "248F487A-6BE7-40A5-B5C4-692E6D62D682"
          },
          {
            "criteria": "cpe:2.3:a:refbase:refbase:0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22C8747F-798E-456E-96A8-26A004423DBD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]