CVE-2005-4063

2005-12-0711:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.

References

pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html

secunia.com/advisories/17902

www.osvdb.org/21474

www.securityfocus.com/bid/15737

www.vupen.com/english/advisories/2005/2761