PHP Script Tools PSY Auction 0 email_request.php user_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...

CVE-2006-7004

The CVE-2006-7004 entry documents a Cross-site Scripting (XSS) vulnerability in the PSY Auction project, specifically in email_request.php, exploitable via the user_id parameter. The vulnerability description indicates that remote attackers can inject arbitrary web script or HTML, implying potent...