Mewsoft NetAuction 3.0 - Cross-Site Scripting Vulnerability

ID EDB-ID:21553
Type exploitdb
Reporter windows-1256
Modified 2002-06-14T00:00:00


Mewsoft NetAuction 3.0 Cross Site Scripting Vulnerability. CVE-2002-1703. Webapps exploit for cgi platform


NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will be executed in the browser of a web user who visits this link, in the security context of the host running NetAuction. Such a link might be included in a HTML e-mail or on a malicious webpage.