PT-2009-2586 · Webid · Webid
Fisher762
·
Published
2009-08-28
·
Updated
2017-09-29
·
CVE-2008-7117
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WeBid auction script version 0.5.4
Description
The issue allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the
file parameter set to style.css. This can probably be leveraged for cross-site scripting (XSS) attacks.Recommendations
For WeBid auction script version 0.5.4, avoid using the
file parameter to access style.css until a fix is available. As a temporary workaround, consider restricting access to the eledicss.php file to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webid