CVE-2006-0217 - Cross-Site Scripting vulnerability in Ultimate Auction 3.67
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: NONE

Summary
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- title: Ultimate Auction 3.67 ItemList.PL Cross-Site Scripting Vulnerability
  - description: Ultimate Auction 3.67 ItemList.PL Cross-Site Scripting Vulnerability. CVE-2006-0217. Webapps exploit for cgi platform
  - id: EDB-ID:27091
  - last seen: 2016-02-03
  - modified: 2006-01-16
  - published: 2006-01-16
  - reporter: querkopf
  - source: https://www.exploit-db.com/download/27091/
- title: Ultimate Auction 3.67 Item.PL Cross-Site Scripting Vulnerability
  - description: Ultimate Auction 3.67 Item.PL Cross-Site Scripting Vulnerability. CVE-2006-0217. Webapps exploit for cgi platform
  - id: EDB-ID:27081
  - last seen: 2016-02-03
  - modified: 2006-01-14
  - published: 2006-01-14
  - reporter: querkopf
  - source: https://www.exploit-db.com/download/27081/
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html
- http://secunia.com/advisories/18477
- http://www.osvdb.org/22443
- http://www.osvdb.org/22444
- http://www.securityfocus.com/bid/16239
- http://www.securityfocus.com/bid/16254
- http://www.vupen.com/english/advisories/2006/0187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24138