CVE-2022-50966

MEDIUM

uBidAuction 2.0.1 news manage Reflected XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50966. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple non-persistent XSS vulnerabilities in uBidAuction v2.0.1. It includes affected parameters, modules, and proof-of-concept URLs demonstrating the injection points.

Description

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/50693


Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: uBidAuction v2.0.1
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed May 10, 2026

References (4)

Core References
Exploit-DB (exploit)
https://www.exploit-db.com/exploits/50693
Vulnerability Lab Advisory (exploit)
https://www.vulnerability-lab.com/get_content.php?id=2289
VulnCheck Advisory: uBidAuction 2.0.1 news manage Reflected XSS (third-party-advisory)
https://www.vulncheck.com/advisories/ubidauction-news-manage-reflected-xss

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 16.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
uBidAuction/uBidAuction 2.0.1
Published May 10, 2026
Tracked Since May 10, 2026