CVE-2005-2254
Last modified
CVE-2005-2254 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.. EPSS estimates a 0.99% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gianluca Baldo | Phpauction | 2.5 |
References
- http://secunia.com/advisories/15967Vendor Advisory
- http://securitytracker.com/id?1014423Exploit, Vendor Advisory
- http://secunia.com/advisories/15967Vendor Advisory
- http://securitytracker.com/id?1014423Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-2254?
How severe is CVE-2005-2254?
How do I fix CVE-2005-2254?
Are you affected by CVE-2005-2254?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST