CVE-2014-5101 | Date: (C)2014-08-06 (M)2023-12-22 |
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 4.3 |
Exploit Score: 8.6 |
Impact Score: 2.9 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: MEDIUM |
Authentication: NONE |
Confidentiality: NONE |
Integrity: PARTIAL |
Availability: NONE |
| |