Description
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101328880521775&w=2
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8161.php
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4069
Scores
EPSS
0.0421
EPSS Percentile
89.9%
Details
Status
published
Products (6)
apache/http_server
1.3.17
apache/http_server
1.3.18
apache/http_server
1.3.19
apache/http_server
1.3.20
apache/http_server
1.3.22
usanet_creations/makebid_auction_deluxe
3.30
Published
May 29, 2002
Tracked Since
Feb 18, 2026