PT-2002-1327 · Makebid · Makebid Auction Deluxe
Published: 2002-05-03 · Updated: 2016-10-18 · CVE-2002-0257
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
MakeBid Auction Deluxe version 3.30
Description
A cross-site scripting issue exists, allowing remote attackers to obtain information from other users via form fields, including TITLE, DESCTIT, DESC, searchstring, ALIAS, EMAIL, ADDRESS1, ADDRESS2, ADDRESS3, PHONE1, PHONE2, PHONE3, and PHONE4.
Recommendations
For MakeBid Auction Deluxe version 3.30, update the auction.pl script to properly sanitize user input in the form fields to prevent cross-site scripting attacks.
Fix
Related identifiers
Affected products
Makebid Auction Deluxe