Published: 16/01/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ultimate auction ultimate auction 3.67

source: wwwsecurityfocuscom/bid/16239/info Ultimate Auction is prone to a cross-site scripting vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the a ...

source: wwwsecurityfocuscom/bid/16254/info Ultimate Auction is prone to a cross-site scripting vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the a ...

NVD-CWE-Other http://www.securityfocus.com/bid/16239 http://www.osvdb.org/22443 http://www.osvdb.org/22444 http://secunia.com/advisories/18477 http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html http://www.securityfocus.com/bid/16254 http://www.vupen.com/english/advisories/2006/0187 https://exchange.xforce.ibmcloud.com/vulnerabilities/24138 https://nvd.nist.gov https://www.exploit-db.com/exploits/27081/

CVE-2006-0217

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect