← back
CVE-2022-50962

uBidAuction 2.0.1 myOrders Reflected XSS

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
uBidAuction · uBidAuction
public PoCs found2
cve_referencewww.exploit-db.com/exploits/50693unverifiedcve_referencewww.vulnerability-lab.com/get_content.php?id=2289unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.apphp.com/codemarket/items/48/ubidauction-php-classic-and-bid-auctions-scripthttps://www.exploit-db.com/exploits/50693https://www.vulncheck.com/advisories/ubidauction-myorders-reflected-xsshttps://www.vulnerability-lab.com/get_content.php?id=2289