Description
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
Remediation
References
Related Vulnerabilities
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2327)
WordPress Plugin Easy2Map Cross-Site Scripting (1.5.5)
WordPress Plugin Bongolive SMS Cross-Site Scripting (1.0.5)
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)
WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)