Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhpAuction 2.5

Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhpAuction 2.5

CVE-2005-2254 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.

Learn more about our Web App Pen Testing.