CVE-2022-50963

MEDIUM

uBidAuction 2.0.1 myAuctions active Reflected XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50963. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple non-persistent XSS vulnerabilities in uBidAuction v2.0.1. It includes affected parameters, modules, and proof-of-concept URLs demonstrating the exploitation of vulnerable GET parameters.

Description

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/50693

Classification: Writeup (95%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: uBidAuction v2.0.1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed May 10, 2026

References (4)

Core References
Exploit: Vulnerability Lab Advisory
https://www.vulnerability-lab.com/get_content.php?id=2289
Exploit: Exploit-DB
https://www.exploit-db.com/exploits/50693
Third Party Advisory: VulnCheck Advisory: uBidAuction 2.0.1 myAuctions active Reflected XSS
https://www.vulncheck.com/advisories/ubidauction-myauctions-active-reflected-xss

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 15.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
uBidAuction/uBidAuction 2.0.1
Published May 10, 2026
Tracked Since May 10, 2026