2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search, 2 show, 3 searchtype, 4 catid, and 5 searchtxt parameters, a different version and vectors than CVE-2005-4060...
CVE-2005-4060
The CVE-2005-4060 entry concerns a Cross-site scripting (XSS) vulnerability in rwAuction Pro 4.0 and 5.0, specifically in the search.asp page where the searchtxt parameter can be used to inject arbitrary web script or HTML. The vulnerability is caused by insufficient input sanitization in the sea...