Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
refbase 'headerMsg' Parameter 跨站脚本攻击漏洞
Vulnerability Description
refbase是一个基于网络的书目管理器,它可以导入和导出各种格式引用(包括BibTeX,尾注,MODS的XML和OpenOffice的)。它可以利用引文格式清单,并提供强大的搜索,丰富的元数据和RSS。 refbase 0.9.5之前的版本中存在跨站脚本攻击漏洞。远程攻击者可以借助对(1)show.php和(2)search.php中的headerMsg参数,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A