PT-2002-2425 · Mewsoft · Mewsoft Netauction
Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1703
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mewsoft NetAuction version 3.0
Description
The issue is related to a cross-site scripting vulnerability (XSS) in the auction.cgi component. It allows remote attackers to execute arbitrary script as other users via the Term parameter in the affected API endpoint.
Recommendations
For Mewsoft NetAuction version 3.0, consider restricting access to the Term parameter in the auction.cgi component to minimize the risk of exploitation. As a temporary workaround, avoid using the Term parameter until a patch is available.
Exploit
Fix
Related identifiers
Affected products
Mewsoft Netauction