CVE-2005-4060

Rainworx Rwauction Pro - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26745

View Code ZIP pw:eip

References (8)

Core 8

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17905

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2005/12/rwauction-pro-v40-xss-vuln.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21475

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2758

Third Party Advisory mailing-list x_refsource_vim

http://www.attrition.org/pipermail/vim/2006-April/000713.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15740

Various Sources x_refsource_misc

http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/23466

Scores

EPSS 0.0076

EPSS Percentile 73.3%

Details

CWE

CWE-79

Status published

Products (2)

rainworx/rwauction_pro 4.0

rainworx/rwauction_pro 5.0

Published Dec 07, 2005

Tracked Since Feb 18, 2026