CVE-2005-1030

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19975

http://www.osvdb.org/15287

http://www.osvdb.org/15286

http://www.osvdb.org/15285

http://www.osvdb.org/15284

http://marc.info/?l=bugtraq&m=111280834000432&w=2

http://digitalparadox.org/advisories/aass.txt

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium