Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=101328880521775&w=2 | |
http://www.iss.net/security_center/static/8161.php | Patch Vendor Advisory |
http://www.netcreations.addr.com/dcforum/DCForumID2/126.html | |
http://www.securityfocus.com/bid/4069 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-05-03T04:00:00
Updated: 2016-10-17T13:57:01
Reserved: 2002-05-01T00:00:00
Link: CVE-2002-0257
JSON object: View
NVD Information
Status : Modified
Published: 2002-05-29T04:00:00.000
Modified: 2016-10-18T02:17:45.343
Link: CVE-2002-0257
JSON object: View
Redhat Information
No data.
CWE