CVE-2022-50963

Name of the Vulnerable Software and Affected Versions uBidAuction version 2.0.1

Description A reflected cross-site scripting issue exists in the 'auctions/myAuctions/status/active' module. The filter functionality fails to properly sanitize the date created, date from, date to, and created at parameters, enabling remote attackers to inject malicious scripts through crafted GET requests that execute within the victim's browser.

Recommendations As a temporary workaround, restrict the use of the date created, date from, date to, and created at parameters in the 'auctions/myAuctions/status/active' module until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.