Vulnerabilities > CVE-2005-4229 - Cross-Site Scripting vulnerability in EveryAuction Auction.PL

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
everyauction
exploit available
NVD
Published: 2005-12-14
Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and independently verified using source code inspection.

Vulnerable Configurations

Part Description Count
Application
Everyauction
1

Exploit-Db

descriptionEveryAuction 1.53 Auction.PL Cross-Site Scripting Vulnerability. CVE-2005-4229. Webapps exploit for cgi platform
idEDB-ID:26786
last seen2016-02-03
modified2005-12-13
published2005-12-13
reporter$um$id
sourcehttps://www.exploit-db.com/download/26786/
titleEveryAuction 1.53 Auction.PL Cross-Site Scripting Vulnerability

References