CVE-2007-3540 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search (2) show (3) searchtype (4) catid and (5) searchtxt parameters a different version and vectors than CVE-2005-4060.

Reference

http://osvdb.org/36347 http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html http://secunia.com/advisories/25849 http://www.securityfocus.com/bid/24668 http://www.vupen.com/english/advisories/2007/2368