PT-2007-4798 · Rwauction · Rwauction Pro

R0T

Published

2007-07-03

Updated

2011-03-08

CVE-2007-3540

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions rwAuction Pro version 5.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in the search.asp file. The vulnerable parameters include search, show, searchtype, catid, and searchtxt.

Recommendations For rwAuction Pro version 5.0, ensure proper input validation and sanitization for the search, show, searchtype, catid, and searchtxt parameters in the search.asp file to prevent XSS attacks. As a temporary workaround, consider restricting access to the search.asp file until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3540

Affected Products

Rwauction Pro

PT-2007-4798 · Rwauction · Rwauction Pro

CVE-2007-3540

Related Identifiers

Affected Products

References · 6