PT-2002-1327 · Makebid · Makebid Auction Deluxe

Published: 2002-05-03 · Updated: 2016-10-18 · CVE-2002-0257

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MakeBid Auction Deluxe version 3.30

Description

A cross-site scripting issue exists, allowing remote attackers to obtain information from other users via form fields, including TITLE, DESCTIT, DESC, searchstring, ALIAS, EMAIL, ADDRESS1, ADDRESS2, ADDRESS3, PHONE1, PHONE2, PHONE3, and PHONE4.

Recommendations

For MakeBid Auction Deluxe version 3.30, update the auction.pl script to properly sanitize user input in the form fields to prevent cross-site scripting attacks.

Fix

Related Identifiers

CVE-2002-0257

Affected Products

Makebid Auction Deluxe