CVE-2022-50968

MEDIUM

uBidAuction 2.0.1 auctions manage Reflected XSS

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50968. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The exploit demonstrates multiple non-persistent XSS vulnerabilities in uBidAuction v2.0.1 by injecting malicious script codes into vulnerable parameters such as 'date_created', 'date_from', 'date_to', and 'created_at'. The PoC includes specific URLs and payloads that trigger the XSS when accessed via GET requests.

Description

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/50693

The exploit demonstrates multiple non-persistent XSS vulnerabilities in uBidAuction v2.0.1 by injecting malicious script codes into vulnerable parameters such as 'date_created', 'date_from', 'date_to', and 'created_at'. The PoC includes specific URLs and payloads that trigger the XSS when accessed via GET requests.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: uBidAuction v2.0.1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed May 10, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
Exploit-DB
https://www.exploit-db.com/exploits/50693
Exploit exploit
Vulnerability Lab Advisory
https://www.vulnerability-lab.com/get_content.php?id=2289
Third Party Advisory third-party-advisory
VulnCheck Advisory: uBidAuction 2.0.1 auctions manage Reflected XSS
https://www.vulncheck.com/advisories/ubidauction-auctions-manage-reflected-xss

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 16.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
uBidAuction/uBidAuction 2.0.1
Published May 10, 2026
Tracked Since May 10, 2026