Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPAuction 多个 跨站脚本攻击漏洞
Vulnerability Description
PHPAuction是一套Web拍卖系统。 PhpAuction 2.5中存在多个跨站脚本攻击漏洞。 远程攻击者可通过index.php或admin/index.php的lan参数,profile.php的auction_id参数,注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A