cvedb.io
CVE-2015-6010
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-09-28T02:59:06.467 · Last modified 2026-06-17T00:30:15.047

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.

Affected products

refbase — refbase

Does this affect you?

Add your gear to cvedb and we'll alert you only when refbase ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.