CVE-2022-50964

The CVE-2022-50964 entry is for uBidAuction 2.0.1, affecting the auctions/myAuctions/status/loose module. The vulnerability is a reflected cross-site scripting (XSS) flaw caused by inadequate sanitization of the filter parameters date_created, date_from, date_to, and created_at in GET requests, a...

CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...