CVE-2007-3540

Name of the Vulnerable Software and Affected Versions rwAuction Pro version 5.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in the search.asp file. The vulnerable parameters include search, show, searchtype, catid, and searchtxt.

Recommendations For rwAuction Pro version 5.0, ensure proper input validation and sanitization for the search, show, searchtype, catid, and searchtxt parameters in the search.asp file to prevent XSS attacks. As a temporary workaround, consider restricting access to the search.asp file until a patch is available.