Vulnerabilities > Webidsupport > Webid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-47397 | Code Injection vulnerability in Webidsupport Webid WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | 9.8 |
| 2022-10-14 | CVE-2022-41477 | Server-Side Request Forgery (SSRF) vulnerability in Webidsupport Webid A security issue was discovered in WeBid <=1.2.2. | 9.1 |
| 2021-01-27 | CVE-2020-23359 | Incorrect Comparison vulnerability in Webidsupport Webid 1.2.2 WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. | 7.5 |
| 2019-04-29 | CVE-2019-11592 | Cross-site Scripting vulnerability in Webidsupport Webid 1.2.2 WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. | 4.3 |
| 2018-12-20 | CVE-2018-1000882 | Path Traversal vulnerability in Webidsupport Webid WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. | 5.0 |
| 2018-12-20 | CVE-2018-1000868 | Cross-site Scripting vulnerability in Webidsupport Webid WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. | 4.3 |
| 2018-12-20 | CVE-2018-1000867 | SQL Injection vulnerability in Webidsupport Webid WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. | 6.5 |
| 2014-07-29 | CVE-2014-5114 | Remote Security vulnerability in Webidsupport Webid 1.1.1 WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | 7.5 |
| 2014-07-25 | CVE-2014-5101 | Cross-Site Scripting vulnerability in Webidsupport Webid 1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php. | 4.3 |
| 2011-10-07 | CVE-2010-4873 | Cross-Site Scripting vulnerability in Webidsupport Webid 0.8.5 Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |