Description

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Remediation

References

CVE-2002-0257

Related Vulnerabilities

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (6.3.0)

OpenSSL Improper Input Validation Vulnerability (CVE-2016-6305)

WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Request Forgery (2.9.4)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Privilege Escalation (3.3.1)

WordPress Plugin Portfolio for Elementor, Image Gallery & Post Grid-PowerFolio Cross-Site Scripting (2.3)

Severity

High

Classification

CVE-2002-0257

Tags

Missing Update Known Vulnerabilities