CVE-2005-1030 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL (2) password (3) username parameter (4) ReturnURL parameter to account.asp (5) Table (6) Title parameter to sendpassword.asp or (7) itemid to watchthisitem.asp.
Reference
http://digitalparadox.org/advisories/aass.txt http://marc.info/?l=bugtraq&m=111280834000432&w=2 http://secunia.com/advisories/14839 http://www.osvdb.org/15284 http://www.osvdb.org/15285 http://www.osvdb.org/15286 http://www.osvdb.org/15287 http://www.securityfocus.com/bid/13036 http://www.securityfocus.com/bid/13038 http://www.securityfocus.com/bid/13039 http://www.securitytracker.com/alerts/2005/Apr/1013649.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19975
Share on: