Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1030

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-1030
Last Modified 05 Sep 2008 04:48:01
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1030

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.

Vulnerable Systems

Application

  • Active Web Softwares Active Auction House 7.1


References

XF - aah-multiple-scripts-xss(19975)

SECTRACK - 1013649

BID - 13039

BID - 13038

BID - 13036

SECUNIA - 14839

BUGTRAQ - 20050406 Active Auction House has multiple Sql injection, error and XSS

OSVDB - 15287

OSVDB - 15286

OSVDB - 15285

OSVDB - 15284


Last Updated: 27 May 2016 10:40:01