CVE-2015-6011

Name of the Vulnerable Software and Affected Versions Web Reference Database (aka refbase) versions prior to 0.9.6 and bleeding-edge versions prior to 2015-01-08

Description The issue allows remote attackers to conduct XML injection attacks. This can be achieved via two parameters: the id parameter to the "unapi.php" endpoint or the stylesheet parameter to the "sru.php" endpoint.

Recommendations For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. For bleeding-edge versions prior to 2015-01-08, ensure you are using a version from 2015-01-08 or later. As a temporary workaround, consider restricting access to the "unapi.php" and "sru.php" endpoints until a patch is available. Avoid using the id parameter in the "unapi.php" endpoint and the stylesheet parameter in the "sru.php" endpoint until the issue is resolved.