Summary
WeBid is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability and a cross-site- scripting vulnerability.
Exploiting these issues can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer
other attacks are also possible.
WeBid 0.85P1 is vulnerable
other versions may be affected.
References
Severity
Classification
-
CVE CVE-2010-4873 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Tiles Multiple XSS Vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability