CVE-2014-5114

EUVD-2014-5012
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
webidsupportwebid
1.1.1
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html
http://www.securityfocus.com/bid/68519
http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html
http://www.securityfocus.com/bid/68519