CVE-2022-50968

Name of the Vulnerable Software and Affected Versions uBidAuction version 2.0.1

Description A reflected cross-site scripting issue exists in the 'auctions/manage' module. The filter functionality fails to properly sanitize the date created, date from, date to, and created at parameters, enabling remote attackers to inject malicious scripts through crafted GET requests that execute within the victim's browser.

Recommendations As a temporary workaround, restrict access to the 'auctions/manage' module or avoid using the date created, date from, date to, and created at parameters until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.