CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-0217

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html
http://secunia.com/advisories/18477
http://www.osvdb.org/22443
http://www.osvdb.org/22444
http://www.securityfocus.com/bid/16239
http://www.securityfocus.com/bid/16254
http://www.vupen.com/english/advisories/2006/0187
https://exchange.xforce.ibmcloud.com/vulnerabilities/24138
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html
http://secunia.com/advisories/18477
http://www.osvdb.org/22443
http://www.osvdb.org/22444
http://www.securityfocus.com/bid/16239
http://www.securityfocus.com/bid/16254
http://www.vupen.com/english/advisories/2006/0187
https://exchange.xforce.ibmcloud.com/vulnerabilities/24138

Products affected by CVE-2006-0217

Ultimate Auction » Ultimate Auction » Version: 3.67

cpe:2.3:a:ultimate_auction:ultimate_auction:3.67

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0217

Products

Pricing

Contact Us