CVE-2022-50962

MEDIUM

uBidAuction 2.0.1 myOrders Reflected XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50962. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: The exploit demonstrates multiple non-persistent XSS vulnerabilities in uBidAuction v2.0.1 by injecting malicious script code into vulnerable parameters such as 'date_created', 'date_from', 'date_to', and 'created_at'. The PoC includes specific URLs and payloads that trigger the XSS when processed by the application.

Description

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/50693


Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: uBidAuction v2.0.1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed May 10, 2026

References (4)

Core References

Exploit-DB (exploit)
https://www.exploit-db.com/exploits/50693

Vulnerability Lab Advisory (exploit)
https://www.vulnerability-lab.com/get_content.php?id=2289

VulnCheck Advisory: uBidAuction 2.0.1 myOrders Reflected XSS (third-party advisory)
https://www.vulncheck.com/advisories/ubidauction-myorders-reflected-xss

Scores

CVSS v3: 6.1
EPSS: 0.0025
EPSS Percentile: 16.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): uBidAuction/uBidAuction 2.0.1
Published: May 10, 2026
Tracked Since: May 10, 2026