CVE-2002-0257

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Published: May 29, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0257
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
usanet_creations / makebid_auction_deluxe	3.30	3.30.x
apache / http_server	1.3.19	1.3.19.x
apache / http_server	1.3.20	1.3.20.x
apache / http_server	1.3.18	1.3.18.x
apache / http_server	1.3.17	1.3.17.x
apache / http_server	1.3.22	1.3.22.x

http://marc.info/?l=bugtraq&m=101328880521775&w=2
http://www.iss.net/security_center/static/8161.php
http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
http://www.securityfocus.com/bid/4069

Vulnerability Database

290,020

CVE-2002-0257