Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0257

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0257
Last Modified 05 Sep 2008 04:27:34
Published 29 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0257

Summary

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Vulnerable Systems

Application

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Usanet Creations Makebid Auction Deluxe 3.30


References

BID - 4069

XF - makebid-description-css(8161)

BUGTRAQ - 20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30

CONFIRM - http://www.netcreations.addr.com/dcforum/DCForumID2/126.html


Last Updated: 27 May 2016 10:36:50