Description
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29141
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30445
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452194/100/200/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2075
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23289
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21198
Scores
EPSS
0.0081
EPSS Percentile
74.3%
Details
Status
published
Products (1)
pwp_technologies/the_classified_ad_system
Published
Dec 27, 2006
Tracked Since
Feb 18, 2026