Description
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6455)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.24)
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
WordPress Plugin Product Catalog for WordPress Unspecified Vulnerability (1.4.5)