CVE-2002-0257

Apache HTTP Server - XSS

Title source: rule
STIX 2.1

Description

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101328880521775&w=2
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8161.php
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4069

Scores

EPSS 0.0421
EPSS Percentile 89.9%

Details

Status published
Products (6)
apache/http_server 1.3.17
apache/http_server 1.3.18
apache/http_server 1.3.19
apache/http_server 1.3.20
apache/http_server 1.3.22
usanet_creations/makebid_auction_deluxe 3.30
Published May 29, 2002
Tracked Since Feb 18, 2026