Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimate Auction | Ultimate Auction | 3.67 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html (Exploit)
- http://secunia.com/advisories/18477 (Exploit, Vendor Advisory)
- http://www.osvdb.org/22443
- http://www.osvdb.org/22444
- http://www.securityfocus.com/bid/16239 (Exploit)
- http://www.securityfocus.com/bid/16254
- http://www.vupen.com/english/advisories/2006/0187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24138
FAQ
What is CVE-2006-0217?
CVE-2006-0217 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parame...
How severe is CVE-2006-0217?
CVE-2006-0217 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0217?
Check the references section above for vendor advisories and patch information. Affected products include: Ultimate Auction Ultimate Auction.