XML Injection Vulnerability in Web Reference Database (aka refbase)

XML Injection Vulnerability in Web Reference Database (aka refbase)

CVE-2015-6011 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.

Learn more about our Api Penetration Testing.