Arbitrary Script Execution via Term Parameter in Mewsoft NetAuction 3.0

Arbitrary Script Execution via Term Parameter in Mewsoft NetAuction 3.0

CVE-2002-1703 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter.

Learn more about our User Device Pen Test.