Vulnerability Details CVE-2005-4063
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html
- http://secunia.com/advisories/17902
- http://www.osvdb.org/21474
- http://www.securityfocus.com/bid/15737
- http://www.vupen.com/english/advisories/2005/2761
- http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html
- http://secunia.com/advisories/17902
- http://www.osvdb.org/21474
- http://www.securityfocus.com/bid/15737
- http://www.vupen.com/english/advisories/2005/2761
Products affected by CVE-2005-4063
-
cpe:2.3:a:netauctionhelp:netauctionhelp:*