CVE-2002-0257 — Cross-site Scripting in Creations Makebid Auction Deluxe

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

6.6%

top 8.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Usanet Creations Makebid Auction Deluxe

Timeline

PublishedMay 29

Latest updateApr 30

Description

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDusanet_creations/makebid_auction_deluxe3.30

▶NVDapache/http_server5 versions+4

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-cp75-277r-65xg: Cross-site scripting vulnerability in auction↗2022-04-30

▶

CVEList

CVE-2002-0257: Cross-site scripting vulnerability in auction↗2002-05-03

▶