vendor: WeBid
by: Woody Hughes
CVSS: 5,8 (AV:N/AC:L/Au:S/C:C/I:P/A:N/E:P/RL:U/RC:ND/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND)
Cross Site Request Forgery and persistent Cross Site Scripting
CWE: N/A
Product Name: WeBid
Affected Version From: 1.0.5
Affected Version To: 1.0.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu Linux
2012
WeBid <=1.0.5 Cross Site Scripting Vulnerabilities
WeBid does not properly check user input, so an <iframe> supplied in that input is rendered and executes, allowing an attacker to deliver malicious code to any user who views the auction. An attacker may then access cookies, session tokens, or other sensitive information retained by the browser and used with the website.
Mitigation:
Upgrade to the latest version of WeBid.