Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote malicious users to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
active web softwares active auction house 7.1 |