Vulnerabilities > Rainworx

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2022-23904 Cross-Site Request Forgery (CSRF) vulnerability in Rainworx Auctionworx
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel.
network
rainworx CWE-352
6.0
2007-07-03 CVE-2007-3540 Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 5.0
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060.
network
rainworx
4.3
2005-12-07 CVE-2005-4060 Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 4.0/5.0
Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.
network
rainworx CWE-79
4.3