Description
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
Remediation
References
Related Vulnerabilities
LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-16184)
MySQL CVE-2022-21315 Vulnerability (CVE-2022-21315)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress SQL Injection (1.3.11.13)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0204)