{"enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2017-04-28T13:20:18", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:18", "rev": 2}, "vulnersScore": 0.3}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MySQL Auction", "operator": "eq", "version": "3.0"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:21685", "id": "OSVDB:21685", "title": "MySQL Auction Search Module keyword XSS", "type": "osvdb", "cvss": {"score": 0.0, "vector": "NONE"}, "lastseen": "2017-04-28T13:20:18", "edition": 1, "reporter": "r0t(krustevs@googlemail.com)", "description": "## Vulnerability Description\nMySQL Auction contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMySQL Auction contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://mysqlauction.com\n[Secunia Advisory ID:18006](https://secuniaresearch.flexerasoftware.com/advisories/18006/)\nOther Advisory URL: http://pridels.blogspot.com/2005/12/mysql-auction-xss-vuln.html\n", "modified": "2005-12-14T06:47:26", "viewCount": 0, "published": "2005-12-14T06:47:26", "cvelist": [], "immutableFields": []}

{}