← back
CVE-2014-5101

CVE-2014-5101

EPSS 2.5%
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/39249unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.htmlhttp://www.securityfocus.com/bid/68519