Description
Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
Exploits (2)
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2444
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36490
Exploit x_refsource_misc
http://packetstormsecurity.org/0908-exploits/auctionrsscs-xss.txt
Scores
EPSS
0.0208
EPSS Percentile
84.1%
Details
CWE
CWE-79
Status
published
Products (1)
jce-tech/auction_rss_content_script
3.0
Published
Sep 15, 2009
Tracked Since
Feb 18, 2026