CVE-2005-2254

Name of the Vulnerable Software and Affected Versions: PhpAuction version 2.5

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input via the lan parameter to "index.php" or "admin/index.php", or via the auction id parameter to "profile.php".

Recommendations: For PhpAuction version 2.5, update the software to a version that addresses the XSS vulnerabilities, ensuring that user input is properly sanitized to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the "index.php", "admin/index.php", and "profile.php" pages to minimize the risk of exploitation.