PT-2009-1479 · Aj · Aj Auction Pro Platinum

Injector5

Published

2009-01-28

Updated

2017-09-29

CVE-2008-6004

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions AJ Auction Pro Platinum version 2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the product parameter in the "search.php" file.

Recommendations For AJ Auction Pro Platinum version 2, update the search.php file to properly sanitize the product parameter to prevent XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-6004

Affected Products

Aj Auction Pro Platinum

PT-2009-1479 · Aj · Aj Auction Pro Platinum

CVE-2008-6004

Weakness Enumeration

Related Identifiers

Affected Products

References · 4