7.5
CVE-2002-0257
- EPSS 4.21%
- Veröffentlicht 29.05.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version1.3.17
Apache ≫ HTTP Server Version1.3.18
Apache ≫ HTTP Server Version1.3.19
Apache ≫ HTTP Server Version1.3.20
Apache ≫ HTTP Server Version1.3.22
Usanet Creations ≫ Makebid Auction Deluxe Version3.30
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.21% | 0.897 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://marc.info/?l=bugtraq&m=101328880521775&w=2
http://www.iss.net/security_center/static/8161.php
http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
http://www.securityfocus.com/bid/4069