header-logo
Suggest Exploit
vendor:
NetAuction
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: NetAuction
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

NetAuction Cross-Site Scripting Vulnerability

NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in a HTML e-mail or on a malicious webpage.

Mitigation:

Filter HTML code from URI parameters.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5023/info

NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in a HTML e-mail or on a malicious webpage.

http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search
&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script>&
Where=&Sort=Photo&Dir=

Navigation

Suggest Exploit

Services By CQR